Rules Contributing to Azure DNS Zone Changed Alert
The following rules are used to identify events when an Azure DNS zone is changed. Any one or more of these will trigger the Azure DNS Zone Changed Alert. Details for each rule can be viewed by clicking the More Details link in the description.
Title |
Description |
||||||||
---|---|---|---|---|---|---|---|---|---|
Azure DNS Zone Modified or Deleted |
Identifies when DNS zone is modified or deleted. More details
Rule IDQuery{'selection': {'operationName|startswith': 'MICROSOFT.NETWORK/DNSZONES', 'operationName|endswith': ['/WRITE', '/DELETE']}, 'condition': 'selection'} Log SourceStellar Cyber Microsoft Entra Events configured. Rule SourceSigmaHQ,af6925b0-8826-47f1-9324-337507a0babd Author: Austin Songer @austinsonger Tactics, Techniques, and ProceduresCOMMAND_AND_CONTROL, T1071.004 ReferencesSeverity50 Suppression Logic Based On
Additional Information
|