This query searches GitLab audit logs for access tokens. An attacker can exfiltrate data from your GitLab repository after gaining access to it by generating or hijacking access tokens. This hunting query allows you to track personal access token creation for each of your repositories. The visualization allows you to quickly identify anomalies or excessive token creation, so you can further investigate repository access and permissions.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | GitLab |
| ID | 4d6d8b0e-6d9a-4857-a141-f5d89393cddb |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Collection |
| Techniques | T1213 |
| Required Connectors | SyslogAma |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| Syslog | Facility == "local7"<br>ProcessName == "GitLab-Audit-Logs" | ✓ | ✓ | ? |