Managed Sentinel – Alert 199
| Alert ID | MS-A199 |
| Alert Name | Suspicious Azure Resource deployment |
| Description | This alert identifies when a rare Azure Resource and ResourceGroup deployment occurs by a previously unseen Caller. |
| Severity Level | Low |
| Threat Indicator | |
| MITRE ATT&CK Tactics | DefensiveEvasion |
| Log sources | AzureActivity |
| False Positives | |
| Recommendations |