OneLogin user granted administrative privileges
Set up the OneLogin integration.
Goal
Detect when a OneLogin administrator grants additional privileges to another OneLogin user.
Strategy
This rule lets you monitor the following OneLogin events to detect when an administrator grants additional privileges to another OneLogin user:
@evt.name:PRIVILEGE_GRANTED_TO_USER
Triage and response
- Determine whether the user ({{@actor_user_name}}) should be legitimately adding additional roles to @usr.name. Note: The role granted to the user is not available in OneLogin logs.
- If the activity was not legitimate, review all activity from {{@actor_user_name}} and the IP ({{@network.client.ip}}) associated with this signal.
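
The triage steps above can be scripted against exported logs. The following is an added example, not part of the original rule: it assumes each log is a flat dict keyed by the attribute names used on this page (without the leading `@`), and every record, user name, IP and the `EXAMPLE_*` event names are constructed sample values.

```python
GRANT_EVENT = "PRIVILEGE_GRANTED_TO_USER"  # event name from the rule query

# Constructed sample records; the flat key layout is an assumption.
SAMPLE_LOGS = [
    {"evt.name": "EXAMPLE_LOGIN_EVENT", "actor_user_name": "admin.a",
     "usr.name": "admin.a", "network.client.ip": "203.0.113.10"},
    {"evt.name": GRANT_EVENT, "actor_user_name": "admin.a",
     "usr.name": "user.b", "network.client.ip": "203.0.113.10"},
    {"evt.name": "EXAMPLE_OTHER_EVENT", "actor_user_name": "user.c",
     "usr.name": "user.c", "network.client.ip": "203.0.113.10"},
    {"evt.name": "EXAMPLE_OTHER_EVENT", "actor_user_name": "user.d",
     "usr.name": "user.d", "network.client.ip": "198.51.100.7"},
    {"evt.name": "EXAMPLE_OTHER_EVENT", "actor_user_name": "admin.a",
     "usr.name": "admin.a", "network.client.ip": "198.51.100.99"},
]

def find_grants(logs):
    """Return the events that match @evt.name:PRIVILEGE_GRANTED_TO_USER."""
    return [e for e in logs if e.get("evt.name") == GRANT_EVENT]

def triage_context(logs, grant):
    """Collect other events that share the grant's actor or client IP."""
    actor = grant.get("actor_user_name")
    ip = grant.get("network.client.ip")
    same_actor, same_ip = [], []
    for event in logs:
        if event is grant:
            continue
        if actor and event.get("actor_user_name") == actor:
            same_actor.append(event)
        elif ip and event.get("network.client.ip") == ip:
            same_ip.append(event)  # same IP, but a different actor
    return same_actor, same_ip

def build_report(logs):
    """One entry per grant: who granted, to whom, and related activity."""
    report = []
    for grant in find_grants(logs):
        same_actor, same_ip = triage_context(logs, grant)
        ips = {e.get("network.client.ip") for e in same_actor + [grant]}
        report.append({
            "actor": grant.get("actor_user_name"),
            "target": grant.get("usr.name"),
            "ip": grant.get("network.client.ip"),
            "actor_event_count": len(same_actor),
            "actor_ips": sorted(i for i in ips if i),
            "other_actors_on_ip": sorted(
                {e["actor_user_name"] for e in same_ip if e.get("actor_user_name")}),
        })
    return report

if __name__ == "__main__":
    for entry in build_report(SAMPLE_LOGS):
        print(entry)
```

An actor seen from several IPs, or other accounts active on the signal's IP, widens the scope of the review in the second triage step.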