/
Activity log
Document toolboxDocument toolbox

Activity log

Owned by Laszlo Frazer
Last updated: Feb 18, 2025
1 min read
image-20250218-205445.png
image-20250218-205523.png

This diagnostic setting will not appear in the diagnostic settings list in Azure Monitor.

 

Secure it

//A malicious user has stopped a virtual machine in Azure from cloud.azure.vm.administrative where operationName = "MICROSOFT.COMPUTE/VIRTUALMACHINES/DEALLOCATE/ACTION"

In this case, the malicious user has gained control of a user account with the Owner role.

Related content

Azure Monitor
Azure Monitor
Devo Additional Documentation
More like this
Azure
Azure
Devo latest
More like this
Azure Monitor
Azure Monitor
Devo latest
More like this
Alert Pack: Execution (MITRE Att&ck Tactic: TA0002)
Alert Pack: Execution (MITRE Att&ck Tactic: TA0002)
7.13
More like this
Virtual Machine Metrics in Azure collector
Virtual Machine Metrics in Azure collector
Devo Additional Documentation
More like this
Azure Event Hub collector
Azure Event Hub collector
Devo Additional Documentation
More like this