Modification of an existing Azure Function App Service with unusual parameters or logic.
Unusual changes to App Service triggers, bindings, or storage accounts.
Unusual creation or modification of Azure Functions by an unexpected or unauthorized user/service principal, potentially indicating malicious activity.
Possible Root Causes
Compromised Principal Account: An attacker has gained access and is attempting unauthorized modifications.
Development Activity: A developer is creating or modifying an Azure Function App Service runtime version.
Automated Deployment: Previously unused deployment scripts are updating the function code or configuration.
Legitimate Development Process: A developer is creating a new function or modifying an existing one as part of standard operations.
Business Impact
Exposure of sensitive data through unauthorized access or data leaks.
Security vulnerabilities exploited due to misconfigured functions or storage accounts.
Unplanned changes to business logic or workflows.
Potential data breaches, unauthorized access to sensitive resources, disruption of critical business services, and reputational damage.
Steps to Verify
Review Azure Activity Logs: Investigate the user/service principal and the created or modified App Service.
Investigate Permissions: Check the user's or service principal's access levels within Azure.
Correlate Security Alerts: Verify if other security alerts or notifications were triggered around the time of the suspicious event.
Inspect Function Code: Analyze the Azure Function code for signs of malicious activity.
Consult Stakeholders: Work with Azure administrators, security teams, and relevant stakeholders to determine the cause and scope of the incident.
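The first verification step can be partly automated. The script below is an added example, not part of the original detection or any vendor tooling. It assumes Activity Log records exported as JSON in the shape returned by `az monitor activity-log list`; the field layout, the 30-day baseline and all sample values are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Control-plane operations that create or change an App Service / Function App.
WATCHED_OPS = {"microsoft.web/sites/write", "microsoft.web/sites/config/write",
               "microsoft.web/sites/functions/write"}

def _when(rec):
    return datetime.fromisoformat(rec["eventTimestamp"].replace("Z", "+00:00"))

def _site(resource_id):
    # Collapse child resources (config, functions) onto their parent site.
    parts = resource_id.lower().split("/")
    return "/".join(parts[: parts.index("sites") + 2])

def triage(records, window_start, baseline_days=30):
    """Flag successful App Service writes at or after window_start whose caller
    made no such write to the same site during the preceding baseline."""
    baseline_start = window_start - timedelta(days=baseline_days)
    known = defaultdict(set)  # site -> callers seen during the baseline
    hits = []
    for rec in sorted(records, key=_when):
        op = rec["operationName"]["value"].lower()
        if op not in WATCHED_OPS or rec["status"]["value"] != "Succeeded":
            continue
        site, caller, when = _site(rec["resourceId"]), rec["caller"].lower(), _when(rec)
        if baseline_start <= when < window_start:
            known[site].add(caller)
        elif when >= window_start and caller not in known[site]:
            hits.append({"time": rec["eventTimestamp"], "caller": caller, "operation": op,
                         "site": site, "site_in_baseline": bool(known[site])})
    return hits

def _rec(ts, caller, op, res, status="Succeeded"):
    base = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/"
    return {"eventTimestamp": ts, "caller": caller, "operationName": {"value": op},
            "status": {"value": status}, "resourceId": base + res}

# Constructed sample records (hypothetical callers and resources), not real log data.
SAMPLE = [
    _rec("2024-04-20T09:00:00Z", "deploy-sp", "Microsoft.Web/sites/write", "Microsoft.Web/sites/func-orders"),
    _rec("2024-05-02T09:00:00Z", "deploy-sp", "Microsoft.Web/sites/config/write", "Microsoft.Web/sites/func-orders/config/web"),
    _rec("2024-05-02T23:10:00Z", "alice@example.com", "Microsoft.Web/sites/functions/write", "Microsoft.Web/sites/func-orders/functions/export"),
    _rec("2024-05-02T23:15:00Z", "alice@example.com", "Microsoft.Web/sites/write", "Microsoft.Web/sites/func-new"),
    _rec("2024-05-02T23:20:00Z", "bob@example.com", "Microsoft.Web/sites/write", "Microsoft.Web/sites/func-orders", "Failed"),
    _rec("2024-05-02T23:25:00Z", "alice@example.com", "Microsoft.Storage/storageAccounts/write", "Microsoft.Storage/storageAccounts/stdemo"),
]
WINDOW_START = datetime(2024, 5, 1, tzinfo=timezone.utc)
```

A hit with `site_in_baseline` set to False marks a site with no recorded writes in the baseline, which usually means a newly created app. Every hit still needs the permission and stakeholder checks listed above, since a first-time caller may be a legitimate developer or a new deployment pipeline.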
Azure Suspicious App Service Creation or Modification