Episode 34: Ryan Hausknecht (Again)
Detection: Challenging Paradigms
00:00
Azure AD - What Is an Operation?
On the Azure AD side of things like applications are a big one. They also have their own separate log providers and stuff so yeah it's okay. So that kind of replaces API monitor. We talk about a secureable objects on windows on like and I think to me a resource is equivalent to a secureable object in this case. That are listening you have like files and name pipes and reviews and a resource you have virtual machines and yes all those others. And then there are also things called not actions which explicitly deny.
Play episode from 01:08:51
Transcript
