heroui logo

Azure Keyvault Key Modified or Deleted

Sigma Rules

View Source
Summary
This detection rule identifies any modifications or deletions made to keys within Azure Keyvaults. It is particularly concerned with specific operations such as creating, updating, deleting, and restoring keys. Monitoring these actions is essential for maintaining the security and integrity of cryptographic materials stored in Azure Keyvaults, which are crucial for securing sensitive data in applications. Unauthorized changes to keys can indicate potential credential theft or misuse by malicious actors. The rule leverages Azure Activity Logs to track various operations performed on Keyvault keys, ensuring any anomalies can be flagged for further investigation.
Categories
  • Cloud
  • Azure
Data Sources
  • Cloud Service
  • Network Traffic
Created: 2021-08-16