| Attribute | Value |
|---|---|
| Publisher | The Collective Consulting |
| Support Tier | Partner |
| Support Link | https://thecollective.eu |
| Categories | domains |
| Version | 2.0.1 |
| Author | Thijs Lecomte - thijs.lecomte@thecollective.eu |
| First Published | 2021-10-20 |
| Last Updated | 2022-01-12 |
| Solution Folder | LastPass |
| Marketplace | Azure Marketplace · Rating: ★☆☆☆☆ 1.0/5 (1 ratings) · Popularity: 🔵 Medium (71%) |
LastPass Enterprise Activity Monitoring is a cloud password manager used by organizations to securely save and share passwords.
Underlying Microsoft Technologies used:
This solution depends on the following technologies, some of which may be in Preview state or may result in additional ingestion or operational costs:
a. Codeless Connector Platform/Native Sentinel Polling
This solution provides 1 data connector(s):
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution uses 3 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| LastPassNativePoller_CL 🔶 | LastPass Enterprise - Reporting (Polling CCP) | Analytics, Hunting, Workbooks |
| SigninLogs | - | Analytics, Hunting, Workbooks |
| ThreatIntelligenceIndicator | - | Analytics |

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution includes 10 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 5 |
| Hunting Queries | 3 |
| Workbooks | 1 |
| Watchlists | 1 |

Analytic Rules:

| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Employee account deleted | Medium | Impact | LastPassNativePoller_CL |
| Failed sign-ins into LastPass due to MFA | Low | InitialAccess | LastPassNativePoller_CL, SigninLogs |
| Highly Sensitive Password Accessed | Medium | CredentialAccess, Discovery | LastPassNativePoller_CL |
| TI map IP entity to LastPass data | Medium | Impact | LastPassNativePoller_CL, ThreatIntelligenceIndicator |
| Unusual Volume of Password Updated or Removed | Low | Impact | LastPassNativePoller_CL |

Hunting Queries:

| Name | Tactics | Tables Used |
|---|---|---|
| Failed sign-ins into LastPass due to MFA. | InitialAccess | LastPassNativePoller_CL, SigninLogs |
| Login into LastPass from a previously unknown IP. | InitialAccess | SigninLogs |
| Password moved to shared folders | Collection | LastPassNativePoller_CL |

Workbooks:

| Name | Tables Used |
|---|---|
| LastPassWorkbook | LastPassNativePoller_CL, SigninLogs |

Watchlists:

| Name | Description | Tables Used |
|---|---|---|
| HighlySensitivePasswords | - | - |