To expand the threat protections provided by Microsoft Defender for Storage, Microsoft added a new preview alert.
Alert (alert type): PREVIEW – Access from a suspicious application (Storage.Blob_SuspiciousApp)
Description: Indicates that a suspicious application has successfully accessed a container of a storage account with authentication. This might indicate that an attacker has obtained the credentials necessary to access the account, and is exploiting it. This could also be an indication of a penetration test carried out in your organization.
MITRE tactic:
Severity:
Applies to: Azure Blob Storage, Azure Data Lake Storage Gen2
Anonymous scanning of public storage containers was previously covered by a single preview alert, “Anonymous scan of public storage containers”. To provide greater clarity about the suspicious events discovered, we’ve divided it into two new alerts, one for successful discoveries and one for failed scan attempts. These alerts are relevant to Azure Blob Storage only.
Microsoft has improved the detection logic, updated the alert metadata, and changed the alert name and alert type for both.
Description: A successful discovery of publicly open storage container(s) in your storage account was performed in the last hour by a scanning script or tool.
This usually indicates a reconnaissance attack, where the threat actor tries to list blobs by guessing container names, in the hope of finding misconfigured open storage containers with sensitive data in them.
The threat actor may use their own script or use known scanning tools like Microburst to scan for publicly open containers.
Applies to: ✔ Azure Blob Storage ✖ Azure Files ✖ Azure Data Lake Storage Gen2

Description: A series of failed attempts to scan for publicly open storage containers was performed in the last hour.
This usually indicates a reconnaissance attack, where the threat actor tries to list blobs by guessing container names, in the hope of finding misconfigured open storage containers with sensitive data in them.
The threat actor may use their own script or use known scanning tools like Microburst to scan for publicly open containers.
Applies to: ✔ Azure Blob Storage ✖ Azure Files ✖ Azure Data Lake Storage Gen2
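As an added illustration of the split these two alerts make (example code written for this page, not Microsoft's detection logic), the following Python groups anonymous ListBlobs requests per caller IP over constructed, simplified storage log records, flags a burst of distinct container-name guesses within one hour, and labels it a successful discovery if any guess listed a real container, otherwise a failed scan. The log field names, the five-name threshold and the sample records are assumptions, not the service's schema.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SCAN_THRESHOLD = 5            # distinct container names tried by one IP (assumed cut-off)
WINDOW = timedelta(hours=1)   # both alerts look at activity in the last hour


def _rec(t, ip, auth, name, status):
    # One constructed log record; field names loosely follow Azure Storage
    # diagnostic logs (StorageBlobLogs) but are simplified, not the real schema.
    return {"time": t, "callerIpAddress": ip, "authenticationType": auth,
            "operationName": "ListBlobs", "statusText": status,
            "uri": f"https://acct.blob.core.windows.net/{name}?restype=container&comp=list"}


# Constructed sample: a scanner that hits an open container, a scanner that only fails,
# one single anonymous listing (normal public use) and one authenticated listing.
SAMPLE_LOGS = [
    *[_rec(f"2023-05-01T10:0{i}:00Z", "203.0.113.7", "Anonymous", n, s) for i, (n, s) in
      enumerate([("backup", "ContainerNotFound"), ("data", "ContainerNotFound"),
                 ("public", "Success"), ("logs", "ContainerNotFound"),
                 ("uploads", "ContainerNotFound")])],
    *[_rec(f"2023-05-01T11:1{i}:00Z", "198.51.100.9", "Anonymous", n, "ContainerNotFound")
      for i, n in enumerate(["archive", "files", "images", "media", "static"])],
    _rec("2023-05-01T12:00:00Z", "192.0.2.4", "Anonymous", "public", "Success"),
    _rec("2023-05-01T12:05:00Z", "192.0.2.4", "OAuth", "private", "Success"),
]


def container_name(uri):
    """The container is the first path segment of the blob endpoint URI."""
    m = re.match(r"https://[^/]+/([^/?]+)", uri)
    return m.group(1) if m else None


def classify_scans(records, threshold=SCAN_THRESHOLD, window=WINDOW):
    """Map caller IP -> 'successful_discovery' or 'failed_scan' for anonymous ListBlobs
    bursts that try at least `threshold` distinct container names within `window`."""
    by_ip = defaultdict(list)
    for r in records:
        if r["authenticationType"] != "Anonymous" or r["operationName"] != "ListBlobs":
            continue
        ts = datetime.strptime(r["time"], "%Y-%m-%dT%H:%M:%SZ")
        by_ip[r["callerIpAddress"]].append((ts, container_name(r["uri"]), r["statusText"]))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):      # sliding one-hour window
            span = [e for e in events[i:] if e[0] - start <= window]
            if len({c for _, c, _ in span}) < threshold:
                continue
            # Same guessing pattern either way; the split is whether any guess listed a real container.
            alerts[ip] = "successful_discovery" if any(s == "Success" for _, _, s in span) else "failed_scan"
            break
    return alerts
```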