T1078.004 on sentinelchangelog.net

T1078.004 on sentinelchangelog.nethttp://sentinelchangelog.net/tags/t1078.004/Recent content in T1078.004 on sentinelchangelog.netHugo -- 0.157.0enMon, 01 Jun 2026 04:39:34 +0000Slack Audit Solution: Enhanced Detection Logic and Alert Enrichmenthttp://sentinelchangelog.net/posts/2026-06-01-pr-14245/Mon, 01 Jun 2026 04:39:34 +0000http://sentinelchangelog.net/posts/2026-06-01-pr-14245/Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring.Entra ID Authentication Anomalies: Advanced Hunting for Privilege Abuse and Defense Evasionhttp://sentinelchangelog.net/posts/2026-05-27-pr-14339/Wed, 27 May 2026 13:42:33 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14339/Adds three-query pack detecting legacy auth bypass, guest account abuse, and post-reset privileged operations.Entra ID Account Takeover: Three-Query Hunting Pack for Post-Compromise Detectionhttp://sentinelchangelog.net/posts/2026-05-27-pr-14335/Wed, 27 May 2026 13:41:06 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14335/Adds hunting pack targeting device code phishing, service principal persistence, and bulk password resets by privileged actors.Entra ID Attack Chain Correlation: Three New Hunting Queries for Sequential Compromise Patternshttp://sentinelchangelog.net/posts/2026-05-26-pr-14311/Tue, 26 May 2026 08:14:04 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14311/Three hunting queries detect multi-event attack chains in Entra ID—privileged role grants followed by SP credential additions and MFA disabling followed by sign-ins from unknown IPs.Entra ID Hunting Pack: Defense Weakening and Privilege Abuse Detectionhttp://sentinelchangelog.net/posts/2026-05-26-pr-14240/Tue, 26 May 2026 06:12:52 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14240/Three hunting queries targeting silent defense weakening techniques and off-hours privilege escalation in Entra ID environments.Entra ID Workload Identity and Privileged Role Hunting Pack: Three New Detection Querieshttp://sentinelchangelog.net/posts/2026-05-21-pr-14281/Thu, 21 May 2026 12:50:47 +0000http://sentinelchangelog.net/posts/2026-05-21-pr-14281/New hunting pack targeting workload identity abuse and privileged role assignment anomalies with coverage gaps for service principal credential theft and PIM bypass techniques.Entra ID Cross-Source Hunting Pack: Post-Compromise Pattern Detectionhttp://sentinelchangelog.net/posts/2026-05-19-pr-14262/Tue, 19 May 2026 10:09:11 +0000http://sentinelchangelog.net/posts/2026-05-19-pr-14262/Three new hunting queries correlate AuditLogs and SigninLogs to surface post-compromise identity patterns using baseline-driven anomaly detection.AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappingshttp://sentinelchangelog.net/posts/2026-05-18-pr-14101/Mon, 18 May 2026 07:30:57 +0000http://sentinelchangelog.net/posts/2026-05-18-pr-14101/Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName.Microsoft Sentinel Training Lab: Comprehensive Hands-On Security Operations Environment Now Availablehttp://sentinelchangelog.net/posts/2026-04-10-pr-13848/Fri, 10 Apr 2026 15:05:24 +0000http://sentinelchangelog.net/posts/2026-04-10-pr-13848/New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development.