msapi-azuread.rules
Created rules for detected when a Global Administrator, Security Administrator, Security Operator or a User Administrator is created
azure-eventhub-ad.rules
Created rules for detected when a Global Administrator, Security Administrator, Security Operator or a User Administrator is created
windows-sysmon.rules
Updated rule 5014601 to only look for instances of lsass.exe in an effort to prevent false positives
msapi-azuread.rules Created rules for detected when a Global Administrator, Security Administrator, Security Operator or a User Administrator is created
azure-eventhub-ad.rules Created rules for detected when a Global Administrator, Security Administrator, Security Operator or a User Administrator is created
windows-sysmon.rules Updated rule 5014601 to only look for instances of lsass.exe in an effort to prevent false positives
.last_used_sid Updated sid