Changes to PIM Settings

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

PIM provides a key mechanism for assigning privileges to accounts, this query detects changes to PIM role settings. Monitor these changes to ensure they are being made legitimately and don't confer more privileges than expected or reduce the security of a PIM elevation. Ref: https://docs.microsoft.com/azure/active-directory/fundamentals/security-operations-privileged-accounts#changes-to-privileged-accounts

Attribute	Value
Type	Analytic Rule
Solution	Standalone Content
ID	0ed0fe7c-af29-4990-af7f-bb5ccb231198
Severity	High
Kind	Scheduled
Tactics	PrivilegeEscalation
Techniques	T1078.004
Required Connectors	AzureActiveDirectory
Source	View on GitHub

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Analytic Rules