Addition of a Temporary Access Pass to a Privileged Account

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

'Detects when a Temporary Access Pass (TAP) is created for a Privileged Account. A Temporary Access Pass is a time-limited passcode issued by an admin that satisfies strong authentication requirements and can be used to onboard other authentication methods, including Passwordless ones such as Microsoft Authenticator or even Windows Hello. A threat actor could use a TAP to register a new authentication method to maintain persistance to an account. Review any TAP creations to ensure they wer

Attribute	Value
Type	Analytic Rule
Solution	Standalone Content
ID	d7feb859-f03e-4e8d-8b21-617be0213b13
Severity	High
Kind	Scheduled
Tactics	Persistence
Techniques	T1078.004
Required Connectors	AzureActiveDirectory, BehaviorAnalytics
Source	View on GitHub

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Analytic Rules