Post AbBBaYoqaAeZICR0Ai by iaintshootinmis@digitaldarkage.cc
 (DIR) More posts by iaintshootinmis@digitaldarkage.cc
 (DIR) Post #AbBBaYoqaAeZICR0Ai by iaintshootinmis@digitaldarkage.cc
       2023-10-26T23:09:41Z
       
       0 likes, 1 repeats
       
       Gonna write this up better later. But thanks to @tbaraki , we found a fluke in Microsoft's SignonLogs table. Sometime in the last few days they made UserPrincipalName case sensitive. So our alerts looking for breakglassadmin@CompanyName.onmicrosoft.com started failing because we were using (==) instead of (has). Would highly recommend you check your alerting and see which operands you're using in your queries. #InfoSec #threatintel #Logging