Add axiosDetections - Azure AiTM detection pipeline #299

Open
luckyblake02-svg wants to merge 1 commit into meirwah:master from luckyblake02-svg:master

@luckyblake02-svg

Adds axiosDetections, a Python-based detection pipeline for AiTM phishing and credential abuse via Azure Identity Protection.

The tool identifies the axios user agent in risky sign-in logs as a near-certain indicator of compromise, enriches detections with AbuseIPDB data, and automates alerting and response via Microsoft Graph. Includes three scripts covering interactive investigation, scheduled email reporting, and event-driven Outlook-based automation.

Fits under Detection or Playbooks — happy to adjust placement.
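
The check the description outlines, as an added example that is not part of the pull request or the axiosDetections project: it keeps sign-ins that are still in an open risk state and carry an axios user agent, then groups them by account. The record field names are assumptions modeled on Microsoft Graph sign-in logs, and the sample records are constructed.

```python
import re
from collections import defaultdict

# Matches the default axios client string, e.g. "axios/1.7.2" (case-insensitive).
AXIOS_UA = re.compile(r"\baxios/(\d+(?:\.\d+)*)", re.IGNORECASE)
# Risk states treated as still open; anything else is considered already handled.
OPEN_RISK_STATES = {"atRisk", "confirmedCompromised"}

# Constructed sample records; field names are assumed, modeled on Graph sign-in logs.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10",
     "userAgent": "axios/1.7.2", "riskState": "atRisk",
     "createdDateTime": "2025-01-10T08:15:00Z"},
    {"userPrincipalName": "alice@example.com", "ipAddress": "198.51.100.7",
     "userAgent": "Axios/1.6.8", "riskState": "atRisk",
     "createdDateTime": "2025-01-10T08:17:30Z"},
    {"userPrincipalName": "bob@example.com", "ipAddress": "192.0.2.44",
     "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "riskState": "atRisk",
     "createdDateTime": "2025-01-10T09:00:00Z"},
    {"userPrincipalName": "carol@example.com", "ipAddress": "203.0.113.10",
     "userAgent": "axios/1.7.2", "riskState": "dismissed",
     "createdDateTime": "2025-01-10T09:30:00Z"},
    {"userPrincipalName": "dave@example.com", "ipAddress": "192.0.2.90",
     "userAgent": None, "riskState": "atRisk",
     "createdDateTime": "2025-01-10T10:00:00Z"},
]

def find_axios_signins(records):
    """Group open risky sign-ins with an axios user agent by account."""
    hits = defaultdict(lambda: {"ips": set(), "versions": set(), "times": []})
    for rec in records:
        match = AXIOS_UA.search(rec.get("userAgent") or "")
        if not match or rec.get("riskState") not in OPEN_RISK_STATES:
            continue
        entry = hits[rec["userPrincipalName"].lower()]
        entry["ips"].add(rec["ipAddress"])
        entry["versions"].add(match.group(1))
        entry["times"].append(rec["createdDateTime"])
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    return {user: {"ips": sorted(e["ips"]), "versions": sorted(e["versions"]),
                   "first_seen": min(e["times"]), "last_seen": max(e["times"]),
                   "count": len(e["times"])}
            for user, e in hits.items()}

if __name__ == "__main__":
    for user, summary in find_axios_signins(SAMPLE_SIGNINS).items():
        print(user, summary)
```

Because axios is also a widely used legitimate HTTP client, the example only counts sign-ins that the risk state already marks as open; records with a missing user agent or a dismissed risk are skipped.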
