Generate Azure Firewall Rules for Office 365 Traffic
Tags
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 Powershell - T1059.001 Sharepoint - T1213.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | a0732720-8b13-4d02-ac53-1fa27a1c9f47 |
| Fingerprint | aa892b8566318d93 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Jan. 28, 2019, 12:57 p.m. |
| Added to db | Jan. 18, 2023, 10:41 p.m. |
| Last updated | Nov. 18, 2024, 5:37 p.m. |
| Headline | Mathieu Isabel's Weblog |
| Title | Generate Azure Firewall Rules for Office 365 Traffic |
| Detected Hints/Tags/Attributes | 15/1/44 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 274 | outlook.com |
|
| Details | Domain | 12 | outlook.office.com |
|
| Details | Domain | 1 | protection.outlook.com |
|
| Details | Domain | 1 | store.core.windows.net |
|
| Details | Domain | 1 | asl.configure.office.com |
|
| Details | Domain | 1 | attachments.office.net |
|
| Details | Domain | 1 | domains.live.com |
|
| Details | Domain | 1 | mshrcstorageprod.blob.core.windows.net |
|
| Details | Domain | 27 | outlook.office365.com |
|
| Details | Domain | 1 | r1.res.office365.com |
|
| Details | Domain | 1 | r3.res.office365.com |
|
| Details | Domain | 2 | r4.res.office365.com |
|
| Details | Domain | 1 | tds.configure.office.com |
|
| Details | Domain | 1 | log.optimizely.com |
|
| Details | Domain | 1 | search.production.apac.trafficmanager.net |
|
| Details | Domain | 1 | search.production.emea.trafficmanager.net |
|
| Details | Domain | 1 | search.production.us.trafficmanager.net |
|
| Details | Domain | 19 | sharepoint.com |
|
| Details | Domain | 2 | sharepointonline.com |
|
| Details | Domain | 1 | svc.ms |
|
| Details | Domain | 1 | files.sharepoint.com |
|
| Details | Domain | 1 | myfiles.sharepoint.com |
|
| Details | Domain | 1 | admin.onedrive.com |
|
| Details | Domain | 1 | cdn.sharepointonline.com |
|
| Details | Domain | 1 | click.email.microsoftonline.com |
|
| Details | Domain | 55 | live.com |
|
| Details | Domain | 1 | officeclient.microsoft.com |
|
| Details | Domain | 1 | oneclient.sfx.ms |
|
| Details | Domain | 1 | privatecdn.sharepointonline.com |
|
| Details | Domain | 1 | prod.msocdn.com |
|
| Details | Domain | 1 | publiccdn.sharepointonline.com |
|
| Details | Domain | 2 | skydrive.wns.windows.com |
|
| Details | Domain | 1 | spoprod-a.akamaihd.net |
|
| Details | Domain | 1 | ssw.live.com |
|
| Details | Domain | 1 | static.sharepointonline.com |
|
| Details | Domain | 1 | storage.live.com |
|
| Details | Domain | 5 | watson.telemetry.microsoft.com |
|
| Details | File | 1 | rulename.json |
|
| Details | File | 1 | store.core |
|
| Details | File | 1 | asl.config |
|
| Details | File | 1 | mshrcstorageprod.blob |
|
| Details | File | 1 | tds.config |
|
| Details | File | 1 | log.opt |
|
| Details | Url | 1 | https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1 |