Monday, November 15, 2021

Azure Application Insights - Smart Detection - Identify suspicious user activity

Now we can detect suspicious user activity using Azure Application Insights.

You need to navigate to Application Insights and click on Smart Detection. It will show potential security and performance issues.

We can click on the Suspicious user activity detected (preview) card to obtain more information on the issue. 

Then click on the Suspicious user activity link.

It'll show malicious users who accessed the system from multiple locations at the same time.

If we want we can construct an Alert Rule to notify an authority at a particular time

Furthermore we can see all requests from malicious users. For that you need to click on All requests from the most suspicious user link

You can modify the value for user_AuthenticatedId parameter to see what other users had accessed

No comments: