Discovery Using AzureHound

Sigma Rules

Summary
This rule aims to detect potentially malicious activity related to the AzureHound tool, the component of the BloodHound suite built for enumeration and discovery of Azure Active Directory environments. AzureHound sends its requests with a specific User-Agent string while it collects data about Azure configurations and identities. This detection rule targets the default User-Agent that AzureHound presents during and after the authentication process. By monitoring for this User-Agent string in combination with a ResultType of 0 (a successful logon), the rule can effectively identify unauthorized attempts to gather sensitive information about Azure resources. Given the significance of the Azure environment in many organizations, detecting this activity is crucial to mitigating reconnaissance and the compromise efforts that tend to follow it.
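The following is an added example of how the selection described above can be evaluated against Azure AD sign-in log records; it is not the rule's own YAML or any SigmaHQ code. The User-Agent substring "azurehound" and the sample records are assumptions constructed for illustration, since the page does not print the actual string.

```python
import json

# Selection mirroring the rule described above. The substring is an ASSUMPTION
# (the page does not print AzureHound's User-Agent); use the rule's own value.
AZUREHOUND_SELECTION = {
    "ResultType": 0,
    "userAgent|contains": "azurehound",
}

def _field_matches(record, key, expected):
    """Evaluate one Sigma-style selection entry against a flat log record.
    Supports bare equality and the '|contains' modifier; both compare
    case-insensitively, as Sigma string matching does by default."""
    field, _, modifier = key.partition("|")
    actual = record.get(field)
    if actual is None:
        return False
    actual_s, expected_s = str(actual).lower(), str(expected).lower()
    if modifier == "contains":
        return expected_s in actual_s
    if modifier == "":
        return actual_s == expected_s
    raise ValueError(f"unsupported modifier: {modifier}")

def matches_selection(record, selection=AZUREHOUND_SELECTION):
    """All entries of a Sigma selection map are AND-ed together."""
    return all(_field_matches(record, k, v) for k, v in selection.items())

def detect_azurehound(log_lines):
    """Return (userPrincipalName, userAgent) for each successful sign-in whose
    User-Agent points at AzureHound; unparseable lines are skipped."""
    hits = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if matches_selection(rec):
            hits.append((rec.get("userPrincipalName"), rec.get("userAgent")))
    return hits

# Constructed sample sign-in records (not real telemetry). ResultType arrives
# as a string in some exports and as an integer in others, so both are covered.
SAMPLE_SIGNIN_LOGS = [
    '{"userPrincipalName": "alice@example.com", "ResultType": "0", "userAgent": "azurehound/v2.0.0"}',
    '{"userPrincipalName": "bob@example.com", "ResultType": 0, "userAgent": "Mozilla/5.0 (Windows NT 10.0)"}',
    '{"userPrincipalName": "carol@example.com", "ResultType": "50126", "userAgent": "AzureHound/v2.0.0"}',
    '{"userPrincipalName": "dave@example.com", "ResultType": 0, "userAgent": "AzureHound/v2.0.0"}',
    'not json at all',
]

if __name__ == "__main__":
    for upn, ua in detect_azurehound(SAMPLE_SIGNIN_LOGS):
        print(f"AzureHound discovery suspected: {upn} ({ua})")
```

Because the User-Agent is set by the client, a match is high-fidelity but its absence proves nothing; the failed sign-in for carol is deliberately excluded to show that the ResultType condition only fires on successful logons.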
Categories
  • Cloud
  • Azure
Data Sources
  • User Account
  • Application Log
  • Logon Session
Created: 2022-11-27