Pathlock TDnR - Emergency User (AdminTrack) Activity

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

Detects activity from emergency user accounts tracked by Pathlock AdminTrack in SAP, forwarded by Pathlock Threat Detection and Response. Emergency user (firefighter) account usage should always be reviewed as these accounts carry broad privileges and any unauthorized or unreviewed use may indicate insider threat or account takeover.

Attribute	Value
Type	Analytic Rule
Solution	Pathlock_TDnR
ID	2a3b4c5d-6e7f-4a0b-8c1d-2e3f4a5b6c50
Severity	High
Status	Available
Kind	Scheduled
Tactics	Persistence, PrivilegeEscalation
Techniques	T1078, T1548
Required Connectors	Pathlock_TDnR
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
Pathlock_TDnR_CL	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Analytic Rules · Back to Pathlock_TDnR