Application URI Configuration Changes (0055ad1f-be85-4798-83cf-a6da17c993b3)

Detects when a configuration change is made to an application's URI. URIs for domain names that no longer exist (dangling URIs), URIs not using HTTPS, URIs with wildcards at the end of the domain, URIs that are not unique to that app, or URIs that point to domains you do not control should be investigated.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) | Attack Pattern | Application URI Configuration Changes (0055ad1f-be85-4798-83cf-a6da17c993b3) | Sigma-Rules | 1 |
| Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) | Attack Pattern | Application URI Configuration Changes (0055ad1f-be85-4798-83cf-a6da17c993b3) | Sigma-Rules | 1 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) | Attack Pattern | 2 |