CLOUD CONNECTOR

Azure Active Directory

Azure Active Directory is the built-in solution for managing identities in Office 365. Azure Active Directory also allows for the addition and configuration of any application in order to centralize identity and access management, along with SSO and automated provisioning capabilities.

Using a consolidated API, Securonix integrates with the Microsoft Office 365 Management API to ingest alerts relevant to Azure Active Directory and identify threats such as privilege escalation, credential theft, account compromise, DDoS and brute-force password attacks, unusual account behavior, and insider threats.

| Event Service/Module | Event Types | Related Threats | Use Cases/Threat Packages | Details |
|---|---|---|---|---|
| Authentication - Identity Management | User Authentication - password, pin creation, reset, login success, sign in failures, device | Unusual Login Location, Rare Geolocation, Credential Theft | Identity and Access Analytics, Insider Threats | Access and login activity events |
| Authentication Method | Password, proxy authentication, DAToken, device ID, hashed password, pin reset, OTC, MD5, STS, and more | Credential Theft, DDoS, Brute Force | Identity and Access Analytics, Insider Threats | Access and login activity events |
| Application | Account login, login status, login failures, client device, device OS, device browser, user domain (TII) | Unusual Account Behavior/Account Compromise | Identity and Access Analytics, Insider Threats | Access and login activity events |
| Active Directory | Device event, directory event, policy event, audit event | Unusual Account Behavior/Account Compromise | Identity and Access Analytics, Insider Threats | Access and login activity events |