Managed Sentinel – Alert 017
| Alert ID | MS-A017 |
| Alert Name | MCAS Detect Leaked Credentials |
| Description | When cyber criminals compromise valid passwords of legitimate users, they often share those credentials. This is usually done by posting them publicly on the dark web or paste sites or by trading or selling the credentials on the black market. Cloud App Security utilizes Microsoft’s Threat intelligence to match such credentials to the ones used inside your organization. |
| Severity Level | High |
| Threat Indicator | Compromised Credentials |
| MITRE ATT&CK Tactics | Credential Access |
| Log sources | Microsoft Cloud App Security |
| Recommendations | 1. Immediately reset user credentials (change account password) 2. Notify user about action taken 3. Look for additional indicators of compromise related to the user identified in the alert using Azure Sentinel. |