User Profile
ujjawalm
Copper Contributor
Joined 5 years ago
Recent Discussions
Delete Role Assignment
Hi All, we have received an Azure activity log in which the Operation Name is "Delete role assignment" and the "Event initiated by" is MS-PIM. In which case is the role deleted by "MS-PIM", and what is the reason for the deletion? Also, when we tried to fetch the logs through Log Analytics, the Caller was some hexadecimal string, so is there a way to resolve that to the user name with a Log Analytics query?

Analysis of host data detected a large number of system log files being removed
Analysis of host data detected a large number of system log files being removed, Suspicious Command Line: rm -f /var/log/sa/sa18
We are receiving these alerts in Azure Security Center, and after checking the logs on the server we found that:
1.) This is the general working logic of the system to remove old sar logs older than one month, so it is expected that the system will delete old logs accordingly.
2.) Why did we start receiving such alerts just a few days back, when this OS functionality has been there from day 1?
Solved, 1K Views, 0 likes, 2 Comments

Burst of multiple reconnaissance commands could indicate initial activity after compromise
All of a sudden we have started receiving alerts for "Burst of multiple reconnaissance commands could indicate initial activity after compromise [seen multiple times]" for all the subscriptions/tenant IDs over Azure. The reported commands are basic Linux commands, and when the Linux team searches, they aren't able to find such huge counts as reported by Azure Security Center. Has some new threat intel been updated, or have some changes been made to Azure Security Center? If you have any hints as to why we are receiving these alerts, then please reply.
2.4K Views, 0 likes, 6 Comments