Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Suspicious Behaviour Searches #443

Open
briandelmsft opened this issue Apr 30, 2024 · 1 comment
Open

[Feature] Suspicious Behaviour Searches #443

briandelmsft opened this issue Apr 30, 2024 · 1 comment
Assignees
@briandelmsft
Labels
pending-triage Submitted issue needing triage

Comments

@briandelmsft
Copy link
Owner

I've seen a few common use cases for the KQL module and starting to think we should integrate some into other modules such as

  • recent device registration
  • recent mfa registration
  • recent mailbox rule change
  • recent password change
  • etc

@piaudonn thoughts? what else should be on the list? what modules does it go in? make sense?
@briandelmsft briandelmsft added the pending-triage Submitted issue needing triage label Apr 30, 2024
@briandelmsft briandelmsft self-assigned this Apr 30, 2024
@piaudonn
Copy link
Collaborator

Maybe the occasion to get the #210 addressed at the same time.
Recent role assignment. Maybe also merge that with exposure management #453 and return those things as observable that can be used to calculate a custom blast radius (in combo with the scoring module).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@briandelmsft briandelmsft

Labels
pending-triage Submitted issue needing triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@piaudonn @briandelmsft