Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This will alert when a user is added to a privileged group which has been implemented by an actor that was not the target user account. Once the analytics rule is triggered it will group all related future alerts for upto 30 minutes when all related entities are the same. Ref: https://1password.com/ Ref: https://github.com/securehats/
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | 1Password |
| ID | 849ea271-cd9c-4afe-a13b-ddbbac5fc6d3 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | Persistence |
| Techniques | T1098 |
| Required Connectors | 1Password |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
OnePasswordEventLogs_CL |
? | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊