Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This will alert when a user is added to a privileged group which has been implemented by an actor that was not the target user account. Once the analytics rule is triggered it will group all related future alerts for upto 30 minutes when all related entities are the same. Ref: https://1password.com/ Ref: https://github.com/securehats/
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | 1Password |
| ID | 849ea271-cd9c-4afe-a13b-ddbbac5fc6d3 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | Persistence |
| Techniques | T1098 |
| Required Connectors | 1Password |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
OnePasswordEventLogs_CL |
✓ | ✓ | ✓ |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊