Forum Discussion
ujjawalm
Jun 17, 2020Copper Contributor
Burst of multiple reconnaissance commands could indicate initial activity after compromise
All of a sudden we have started receiving alerts for "Burst of multiple reconnaissance commands could indicate initial activity after compromise [seen multiple times]" for all the subscriptions/tenan...
Marius Matonis
Jun 17, 2020Copper Contributor
We are getting same alerts. Have looked at running pods and no custom deployments with priviliged access. We have startet investigation because of potential attack(https://azure.microsoft.com/en-in/blog/leverage-azure-security-center-to-detect-when-compromised-linux-machines-attack/) , but these alerts do not give enough information. I am also interested if there are any new features or alert types in Azure Security Center.