Skip to content

Commit

Permalink
Update azure_ad_multiple_failed_mfa_requests_for_user.yml
Browse files Browse the repository at this point in the history
  • Loading branch information
@mvelazc0
mvelazc0 committed Nov 1, 2023
1 parent 43f748d commit 7b501ac
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion detections/cloud/azure_ad_multiple_failed_mfa_requests_for_user.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ description: The following analytic identifies multiple failed multi-factor auth
messages, and phone calls potentially resulting in the user finally accepting the
authentication request. Threat actors like the Lapsus team and APT29 have leveraged
this technique to bypass multi-factor authentication controls as reported by Mandiant
and others.
and others.
data_source: []
search: ' `azure_monitor_aad` category=SignInLogs operationName="Sign-in activity" properties.status.errorCode=500121 properties.status.additionalDetails!="MFA denied; user declined the authentication"
| rename properties.* as *
Expand Down

0 comments on commit 7b501ac

Please sign in to comment.