Hey @Sebastien Molendijk 

 

We got the alarm, but what is missing is where Microsoft Security spotted the cred's in the first place. While I'm not a massive fan of attribution, aka blaming state actor abc, I think having a process to understand where the alert came from will assist in a preventative and hunting activities.

 

Could I log a support case with Azure to find out where this information came from,?

 

Regards

JOhn

www.000webhost.com