Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Detects runtime changes to Switchable Authorizations (SACF) in SAP, forwarded by Pathlock Threat Detection and Response. Runtime SACF modifications take immediate effect and can instantly disable authorization checks in production, representing a critical real-time security control bypass.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Pathlock_TDnR |
| ID | 2a3b4c5d-6e7f-4a0b-8c1d-2e3f4a5b6c48 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | DefenseEvasion, PrivilegeEscalation |
| Techniques | T1562, T1548 |
| Required Connectors | Pathlock_TDnR |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
Pathlock_TDnR_CL |
? | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊