analyzing-azure-activity-logs-for-threats
Community
Detect Azure threats by analyzing activity logs.
Author: YukiIto1999
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps security teams identify threats by querying Azure Monitor activity logs and sign-in logs to surface suspicious administrative operations, impossible travel, privilege escalation, and resource modifications.
Core Features & Use Cases
- Query Azure Monitor tables (AzureActivity, SigninLogs, AuditLogs, AzureDiagnostics) to surface indicators of compromise and operational anomalies.
- Detect privilege escalations, unusual sign-ins, NSG rule changes, Key Vault access anomalies, and mass resource modifications.
- Provide structured outputs for security operations workflows, supporting both human-readable reports and machine-readable payloads for automation.
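The detections listed above, worked through as an added example that is not the skill's own code: a Python pass over constructed AzureActivity and SigninLogs rows that flags successful role-assignment, NSG security-rule and Key Vault access-policy writes, a caller making many changes inside a short window, and consecutive sign-ins by one user that imply impossible travel. The column names (TimeGenerated, Caller, OperationNameValue, ActivityStatusValue, _ResourceId, UserPrincipalName, ResultType, IPAddress) follow the Log Analytics schema as I know it; the flattened Latitude/Longitude fields, the thresholds and the KQL text are my assumptions, the sample rows are constructed, and query_workspace_live() only shows how the same query would be issued through the listed azure-identity and azure-monitor-query dependencies.

```python
# Detection pass over Azure Monitor rows, run here on constructed sample data.
# Assumptions not taken from the skill page: column names follow the Log Analytics
# schema for AzureActivity and SigninLogs; sign-in Latitude/Longitude are flattened
# from LocationDetails.geoCoordinates before this runs; thresholds are illustrative.
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt

# Azure resource-provider operations whose successful completion should be reviewed.
SENSITIVE_OPERATIONS = {
    "Microsoft.Authorization/roleAssignments/write": "privilege escalation",
    "Microsoft.Network/networkSecurityGroups/securityRules/write": "NSG rule change",
    "Microsoft.KeyVault/vaults/accessPolicies/write": "Key Vault access policy change",
}
MASS_CHANGE_THRESHOLD = 3                   # successful writes/deletes by one caller ...
MASS_CHANGE_WINDOW = timedelta(minutes=10)  # ... inside this sliding window
MAX_TRAVEL_SPEED_KMH = 900.0                # above airliner speed: impossible travel

# KQL form of detect_sensitive_operations(), for query_workspace_live() (assumed query text).
KQL_SENSITIVE_OPS = ("AzureActivity | where ActivityStatusValue == 'Success' "
                     "| where OperationNameValue in ({}) "
                     "| project TimeGenerated, Caller, OperationNameValue, ActivityStatusValue, _ResourceId"
                     ).format(", ".join(f"'{op}'" for op in SENSITIVE_OPERATIONS))


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84 points."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    h = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def detect_sensitive_operations(activity_rows):
    """Flag successful sensitive writes (role assignment, NSG rule, Key Vault policy)."""
    return [
        {"type": SENSITIVE_OPERATIONS[r["OperationNameValue"]], "caller": r["Caller"],
         "resource": r["_ResourceId"], "time": r["TimeGenerated"]}
        for r in activity_rows
        if r["OperationNameValue"] in SENSITIVE_OPERATIONS and r["ActivityStatusValue"] == "Success"
    ]


def detect_mass_modifications(activity_rows, threshold=MASS_CHANGE_THRESHOLD, window=MASS_CHANGE_WINDOW):
    """Flag a caller whose successful write/delete operations reach `threshold` inside `window`."""
    by_caller = defaultdict(list)
    for r in activity_rows:
        if r["ActivityStatusValue"] == "Success" and r["OperationNameValue"].endswith(("/write", "/delete")):
            by_caller[r["Caller"]].append(r["TimeGenerated"])
    findings = []
    for caller, times in by_caller.items():
        times.sort()
        for i, start in enumerate(times):          # sliding window anchored at each event
            count = sum(1 for t in times[i:] if t - start <= window)
            if count >= threshold:
                findings.append({"type": "mass modification", "caller": caller, "count": count, "start": start})
                break                               # one finding per caller is enough for triage
    return findings


def detect_impossible_travel(signin_rows, max_speed_kmh=MAX_TRAVEL_SPEED_KMH):
    """Flag consecutive successful sign-ins by one user that imply travel faster than max_speed_kmh."""
    by_user = defaultdict(list)
    for r in signin_rows:
        if r["ResultType"] == "0":                  # ResultType 0 is a successful sign-in
            by_user[r["UserPrincipalName"]].append(r)
    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e["TimeGenerated"])
        for a, b in zip(events, events[1:]):
            km = haversine_km(a["Latitude"], a["Longitude"], b["Latitude"], b["Longitude"])
            if km < 1.0:
                continue                            # same place: nothing to judge
            hours = (b["TimeGenerated"] - a["TimeGenerated"]).total_seconds() / 3600
            speed = km / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                findings.append({"type": "impossible travel", "user": user, "from": a["IPAddress"],
                                 "to": b["IPAddress"], "km": round(km), "speed_kmh": round(speed)})
    return findings


def query_workspace_live(workspace_id, kql, days=1):
    """Run KQL against a Log Analytics workspace with azure-monitor-query (the skill's listed
    dependency). Imported lazily so the offline demo needs neither the SDK nor credentials."""
    from azure.identity import DefaultAzureCredential
    from azure.monitor.query import LogsQueryClient, LogsQueryStatus
    resp = LogsQueryClient(DefaultAzureCredential()).query_workspace(
        workspace_id, kql, timespan=timedelta(days=days))
    if resp.status == LogsQueryStatus.PARTIAL:
        raise RuntimeError(f"partial result: {resp.partial_error}")
    table = resp.tables[0]
    return [dict(zip(table.columns, row)) for row in table.rows]


def _ts(h, m):
    return datetime(2024, 1, 15, h, m, tzinfo=timezone.utc)

def _act(h, m, caller, op, status="Success"):
    return {"TimeGenerated": _ts(h, m), "Caller": caller, "OperationNameValue": op,
            "ActivityStatusValue": status, "_ResourceId": "/subscriptions/sub-demo/resourceGroups/rg-demo"}

def _signin(h, m, upn, ip, lat, lon, result="0"):
    return {"TimeGenerated": _ts(h, m), "UserPrincipalName": upn, "IPAddress": ip,
            "Latitude": lat, "Longitude": lon, "ResultType": result}

# Constructed sample rows, not real tenant data.
VM_WRITE = "Microsoft.Compute/virtualMachines/write"
SAMPLE_ACTIVITY = [
    _act(10, 0, "alice@example.test", "Microsoft.Authorization/roleAssignments/write"),
    _act(10, 2, "alice@example.test", VM_WRITE), _act(10, 4, "alice@example.test", VM_WRITE),
    _act(10, 5, "alice@example.test", VM_WRITE),
    _act(11, 0, "bob@example.test", "Microsoft.Network/networkSecurityGroups/securityRules/write", "Failed"),
    _act(11, 5, "bob@example.test", "Microsoft.KeyVault/vaults/accessPolicies/write"),
]
SAMPLE_SIGNINS = [
    _signin(9, 0, "carol@example.test", "203.0.113.10", 52.52, 13.405),             # Berlin
    _signin(9, 30, "carol@example.test", "198.51.100.7", 35.676, 139.650),          # Tokyo, 30 min later
    _signin(9, 0, "dave@example.test", "203.0.113.11", 52.52, 13.405),              # Berlin
    _signin(11, 0, "dave@example.test", "203.0.113.12", 48.135, 11.582),            # Munich, 2 h later
    _signin(11, 30, "dave@example.test", "198.51.100.9", 35.676, 139.650, "50126"), # failed sign-in: ignored
]

def run_local_demo():
    """Apply all three detections to the sample rows; returns a dict keyed by detection."""
    return {"sensitive": detect_sensitive_operations(SAMPLE_ACTIVITY),
            "mass": detect_mass_modifications(SAMPLE_ACTIVITY),
            "travel": detect_impossible_travel(SAMPLE_SIGNINS)}

if __name__ == "__main__":
    for name, hits in run_local_demo().items():
        print(name, *hits, sep="\n  ")
```

On the sample rows the pass reports alice's role-assignment write and bob's Key Vault policy change (bob's failed NSG write is not a finding), alice as a mass modifier (four successful writes in five minutes), and carol's Berlin-to-Tokyo sign-in pair as impossible travel. In a real tenant the thresholds need tuning: deployment pipelines and automation service principals legitimately produce bursts of writes, so an allow-list keyed on Caller, and a longer baseline than a single day, are the first adjustments to make before routing these findings into the structured outputs the skill produces.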
Quick Start
Execute the agent against your Azure workspace to begin threat hunting across the monitored logs.
Dependency Matrix
Required Modules
azure-identity, azure-monitor-query
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: analyzing-azure-activity-logs-for-threats Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#analyzing-azure-activity-logs-for-threats Please download this .zip file, extract it, and install it in the .claude/skills/ directory.