Hi!
In this article, I will share with you two news alerts released in June 2022 for Microsoft Defender for KeyVault.
| Alert (alert type) | Description | MITRE tactics | Severity |
|---|---|---|---|
| Unusual access denied – User accessing high volume of key vaults denied (KV_DeniedAccountVolumeAnomaly) | A user or service principal has attempted access to anomalously high volume of key vaults in the last 24 hours. This anomalous access pattern may be legitimate activity. Though this attempt was unsuccessful, it could be an indication of a possible attempt to gain access of key vault and the secrets contained within it. We recommend further investigations. | Discovery | Low |
| Unusual access denied – Unusual user accessing key vault denied (KV_UserAccessDeniedAnomaly) | A key vault access was attempted by a user that doesn’t normally access it, this anomalous access pattern may be legitimate activity. Though this attempt was unsuccessful, it could be an indication of a possible attempt to gain access of key vault and the secrets contained within it. | Initial Access, Discovery | Low |
Maxime.