
CLOUD CONNECTOR
Azure Active Directory
Azure Active Directory is the built-in identity service for Office 365. It also lets an organization add and configure applications so that identity and access management is centralized, with single sign-on (SSO) and automated provisioning.
Securonix integrates with the Microsoft Office 365 Management API as a consolidated source for ingesting Azure Active Directory alerts, using them to identify threats such as privilege escalation, credential theft, account compromise, DDoS and brute-force password attacks, unusual account behavior, and insider threats.
Event Service/Module | Event Types | Related Threats | Use Cases/Threat Packages | Details |
---|---|---|---|---|
Authentication - Identity Management | User Authentication - password, pin creation, reset, login success, sign in failures, device | Unusual Login Location, Rare Geolocation, Credential Theft | Identity and Access Analytics, Insider Threats | Access and login activity events |
Authentication Method | Password, proxy authentication, DAToken, device ID, hashed password, pin reset, OTC, MD5, STS, and more | Credential Theft, DDoS, Brute Force | Identity and Access Analytics, Insider Threats | Access and login activity events |
Application | Account login, login status, login failures, client device, device OS, device browser, user domain (TII) | Unusual Account Behavior/Account Compromise | Identity and Access Analytics, Insider Threats | Access and login activity events |
Active Directory | Device event, directory event, policy event, audit event | Unusual Account Behavior/Account Compromise | Identity and Access Analytics, Insider Threats | Access and login activity events |
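As an added example (not Securonix's or Microsoft's code), the Python below runs the two detections named in the table, brute-force password guessing and rare geolocation, over constructed Office 365 Management Activity API sign-in records. The record field names follow the public Audit.AzureActiveDirectory schema; the values, the GeoIP map and the per-user country baselines are invented stand-ins.

```python
"""Brute-force and rare-geolocation checks over Office 365 Management Activity API sign-in records."""
from collections import defaultdict

# Constructed records shaped like Audit.AzureActiveDirectory content (RecordType
# 15 = AzureActiveDirectoryStsLogon); field names are real, all values invented.
RECORDS = [
    {"CreationTime": "2024-01-10T08:00:%02dZ" % i, "RecordType": 15,
     "Workload": "AzureActiveDirectory", "Operation": "UserLoginFailed",
     "ResultStatus": "Failed", "UserId": "alice@example.com",
     "ClientIP": "203.0.113.9", "LogonError": "InvalidUserNameOrPassword"}
    for i in range(6)  # six failures, then a success from the same IP below
] + [
    {"CreationTime": "2024-01-10T08:00:59Z", "RecordType": 15,
     "Workload": "AzureActiveDirectory", "Operation": "UserLoggedIn",
     "ResultStatus": "Success", "UserId": "alice@example.com",
     "ClientIP": "203.0.113.9"},
    {"CreationTime": "2024-01-10T09:00:00Z", "RecordType": 15,
     "Workload": "AzureActiveDirectory", "Operation": "UserLoggedIn",
     "ResultStatus": "Success", "UserId": "bob@example.com",
     "ClientIP": "198.51.100.7"},
]
# Constructed stand-ins for a GeoIP lookup and each user's usual sign-in countries.
GEO = {"203.0.113.9": "NL", "198.51.100.7": "BR"}
BASELINE = {"alice@example.com": {"US"}, "bob@example.com": {"BR"}}

def brute_force_then_success(records, threshold=5):
    """(user, ip) pairs with >= threshold UserLoginFailed events followed by a
    UserLoggedIn from the same IP: the password-guessing-that-worked pattern."""
    failures, hits = defaultdict(int), []
    for r in sorted(records, key=lambda r: r["CreationTime"]):  # ISO-8601 sorts as text
        if r.get("Workload") != "AzureActiveDirectory":
            continue
        key = (r["UserId"], r["ClientIP"])
        if r["Operation"] == "UserLoginFailed":
            failures[key] += 1
        elif r["Operation"] == "UserLoggedIn":
            if failures[key] >= threshold:
                hits.append(key)
            failures[key] = 0  # a success ends the streak either way
    return hits

def rare_geolocation(records, geo=GEO, baseline=BASELINE):
    """(user, country) for successful sign-ins from outside the user's baseline."""
    return sorted({(r["UserId"], geo.get(r["ClientIP"], "??")) for r in records
                   if r["Operation"] == "UserLoggedIn"
                   and geo.get(r["ClientIP"]) not in baseline.get(r["UserId"], set())})

if __name__ == "__main__":
    print("brute force:", brute_force_then_success(RECORDS))  # alice from 203.0.113.9
    print("rare location:", rare_geolocation(RECORDS))         # alice seen in NL
```

In production the GeoIP map and baselines would come from an enrichment service and a learned per-user profile; the threshold and the "success ends the streak" rule are the tunable parts of the brute-force logic.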