From 67fc6c5d9106d7acdb7f77658e91b2c67700fa24 Mon Sep 17 00:00:00 2001 From: Pete Bryan Date: Wed, 4 Oct 2023 08:31:34 -0700 Subject: [PATCH] Reduced parameters in Description to fit limits --- .../SuspiciousSignInFollowedByMFAModification.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/Azure Active Directory/Analytic Rules/SuspiciousSignInFollowedByMFAModification.yaml b/Solutions/Azure Active Directory/Analytic Rules/SuspiciousSignInFollowedByMFAModification.yaml index 672e64ca1e7..f3202383216 100644 --- a/Solutions/Azure Active Directory/Analytic Rules/SuspiciousSignInFollowedByMFAModification.yaml +++ b/Solutions/Azure Active Directory/Analytic Rules/SuspiciousSignInFollowedByMFAModification.yaml @@ -71,7 +71,7 @@ alertDetailsOverride: alertDisplayNameFormat: Suspicious Sign In by {{InitiatorUPN}} Followed by MFA Modification to {{TargetUPN}} alertDescriptionFormat: | This query looks uses Microsoft Sentinel's UEBA features to look for suspicious logons followed by modifications to MFA settings by that user. - In this case {{InitiatorUPN}} logged in at {{LogOnTime}} followed by a modification to MFA settings for {{TargetUPN}}. - The sign in was from {{SourceIPAddress}} and the MFA modification was made from {{FromIP}}. + In this case {{InitiatorUPN}} logged in followed by a modification to MFA settings for {{TargetUPN}}. + The sign in was from {{SourceIPAddress}}. version: 1.0.0 kind: Scheduled \ No newline at end of file