Skip to content

Hide Navigation Hide TOC

App Role Added (b04934b2-0a68-4845-8a19-bdfed3a68a7a)

Detects when an app is assigned Azure AD roles, such as global administrator, or Azure RBAC roles, such as subscription owner.

Cluster A Galaxy A Cluster B Galaxy B Level
App Role Added (b04934b2-0a68-4845-8a19-bdfed3a68a7a) Sigma-Rules Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3) Attack Pattern 1
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3) Attack Pattern 2