Skip to content

Hide Navigation Hide TOC

Application URI Configuration Changes (0055ad1f-be85-4798-83cf-a6da17c993b3)

Detects when a configuration change is made to an applications URI. URIs for domain names that no longer exist (dangling URIs), not using HTTPS, wildcards at the end of the domain, URIs that are no unique to that app, or URIs that point to domains you do not control should be investigated.

Cluster A Galaxy A Cluster B Galaxy B Level
Application URI Configuration Changes (0055ad1f-be85-4798-83cf-a6da17c993b3) Sigma-Rules Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 1
Application URI Configuration Changes (0055ad1f-be85-4798-83cf-a6da17c993b3) Sigma-Rules Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 1
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 2