Forum Discussion
Solved
Origins of leaked cred alarm
Hi, Just wondering if any one know how to dig out more information when the Leaked Credential alarm is raised. Trying to figure out the source of the alarm so we can do some more focused hunting,...
- Hi,
As explained before, this is an Azure AD Identity Protection detection, not an MCAS one.
I don't think AAD exposes the exact location on the Dark Web where they identify those credentials. You can open a support request for AAD to confirm if you want to.
Best regards
We got the alarm, but what is missing is where Microsoft Security spotted the cred's in the first place. While I'm not a massive fan of attribution, aka blaming state actor abc, I think having a process to understand where the alert came from will assist in a preventative and hunting activities.
Could I log a support case with Azure to find out where this information came from,?
Regards
JOhn
Hi,
As explained before, this is an Azure AD Identity Protection detection, not an MCAS one.
I don't think AAD exposes the exact location on the Dark Web where they identify those credentials. You can open a support request for AAD to confirm if you want to.
Best regards
As explained before, this is an Azure AD Identity Protection detection, not an MCAS one.
I don't think AAD exposes the exact location on the Dark Web where they identify those credentials. You can open a support request for AAD to confirm if you want to.
Best regards