Managed Sentinel – Alert 014
Alert ID | MS-A014 |
Alert Name | Common deployed resources in Azure |
Description | This query looks for commonly deployed resources (resource names and resource groups). Use it in combination with other signals that show suspicious deployments to evaluate whether a resource is commonly deployed/created or unique. Source: GitHub - Microsoft |
Severity Level | Informational |
Threat Indicator | Improper Usage |
MITRE ATT&CK Tactics | Execution |
Log sources | AzureActivity |
False Positive | Not a sufficient indicator without other alerts |
Recommendations | Perform additional investigation. Engage the internal Azure Operation team. |