Detecting Rapid Microsoft Graph Read Requests on AzureAD and AzureRM
Hello,
I am attempting to create analytic rules within Sentinel based around someone running AzureHound to enumerate the environment. However, after testing Azure within our environment I see that the only relevant logs created in Azure would be the sign-in to the Azure PowerShell module which would be a very noisy indicator in some environments. From my searching I was unable to see something that would log all the read requests created when enumerating AzureAD and AzureRM through the respective Azure PowerShell modules.
Am I missing something or is there no way that these requests are logged?