GitLab - Repository visibility to Public

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

This query leverages GitLab Audit Logs. A repository in GitLab changed visibility from Private or Internal to Public which could indicate compromise, error or misconfiguration leading to exposing the repository to the public.

Attribute Value
Type Analytic Rule
Solution GitLab
ID 8b291c3d-90ba-4ebf-af2c-0283192d430e
Severity Medium
Status Available
Kind Scheduled
Tactics Persistence, DefenseEvasion, CredentialAccess
Techniques T1556
Required Connectors SyslogAma
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
Syslog Facility == "local7"
ProcessName == "GitLab-Audit-Logs"		 ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Analytic Rules · Back to GitLab