You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/fusion.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -44,11 +44,11 @@ Rule templates are not applicable for the advanced multistage attack detection.
44
44
45
45
Using advanced multistage attack detection, Azure Sentinel supports the following scenarios that combine anomaly events from Azure Active Directory Identity Protection and Microsoft Cloud App Security:
46
46
47
-
-[Impossible travel to atypical location followed by anomalous Office 365 activity](#impossible-travel-to-atypical-location)
48
-
-[Sign-in activity for unfamiliar location followed by anomalous Office 365 activity](#sign-in-activity-for-unfamiliar-location)
49
-
-[Sign-in activity from infected device followed by anomalous Office 365 activity](#sign-in-activity-from-infected-device)
50
-
-[Sign-in activity from anonymous IP address followed by anomalous Office 365 activity](#sign-in-activity-from-anonymous-ip-address)
51
-
-[Sign-in activity from user with leaked credentials followed by anomalous Office 365 activity](#sign-in-activity-from-user-with-leaked-credentials)
47
+
-[Impossible travel to atypical location followed by anomalous Office 365 activity](##impossible-travel-to-atypical-location-followed-by-anomalous-office-365-activity)
48
+
-[Sign-in activity for unfamiliar location followed by anomalous Office 365 activity](#sign-in-activity-for-unfamiliar-location-followed-by-anomalous-office-365-activity)
49
+
-[Sign-in activity from infected device followed by anomalous Office 365 activity](#sign-in-activity-from-infected-device-followed-by-anomalous-office-365-activity)
50
+
-[Sign-in activity from anonymous IP address followed by anomalous Office 365 activity](#sign-in-activity-from-anonymous-ip-address-followed-by-anomalous-office-365-activity)
51
+
-[Sign-in activity from user with leaked credentials followed by anomalous Office 365 activity](#sign-in-activity-from-user-with-leaked-credentials-followed-by-anomalous-office-365-activity)
52
52
53
53
You must have the [Azure AD Identity Protection data connector](connect-azure-ad-identity-protection.md) and the [Cloud App Security](connect-cloud-app-security.md) connectors configured.
0 commit comments