Managed Sentinel – Alert 016
Alert ID | MS-A016 |
Alert Name | Creation of an anomalous number of resources in Azure |
Description | Looks for an anomalous number of resource creation or deployment activities in the Azure activity log. It is best to run this query with a lookback period of at least 7 days. Source: GitHub - Microsoft |
Severity Level | Informational |
Threat Indicator | Improper Usage |
MITRE ATT&CK Tactics | Execution |
Log sources | AzureActivity |
False Positive | Planned migration activities |
Recommendations | Escalate to the internal Azure Operation team to understand whether any unauthorized changes were made in the organization's Azure subscription. |