Update credential_access_azure_entra_susp_device_code_signin.toml

Samirbous · Samirbous · commit 1dc76077c031 · 2025-12-02T16:31:25.000Z
diff --git a/rules/integrations/azure/credential_access_azure_entra_susp_device_code_signin.toml b/rules/integrations/azure/credential_access_azure_entra_susp_device_code_signin.toml
@@ -47,6 +47,7 @@ references = [
     "https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-sign-ins",
     "https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-azure-monitor-sign-ins-log-schema",
     "https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows/",
+    "https://www.wiz.io/blog/recent-oauth-attacks-detection-strategies"
 ]
 risk_score = 73
 rule_id = "3db029b3-fbb7-4697-ad07-33cbfd5bd080"

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,7 @@ references = [`
`47`	`47`	`"https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-sign-ins",`
`48`	`48`	`"https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-azure-monitor-sign-ins-log-schema",`
`49`	`49`	`"https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows/",`
	`50`	`+ "https://www.wiz.io/blog/recent-oauth-attacks-detection-strategies"`
`50`	`51`	`]`
`51`	`52`	`risk_score = 73`
`52`	`53`	`rule_id = "3db029b3-fbb7-4697-ad07-33cbfd5bd080"`