Tailscale security email modified

tailscale

Classification:

attack

Tactic:

TA0005-defense-evasion

Technique:

T1562-impair-defenses

Set up the tailscale integration.

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detect when the Tailscale security issues email has been modified.

Strategy

This rule monitors Tailscale logs when the security issues email has been modified. The Tailscale security issues email is used for notifications about security issues affecting your tailnet. An unauthorized entity modifying this email could be an indicator of a compromised tailscale tenant owner or an insider threat.

Triage and response

  1. Investigate the user {{@usr.email}} that modified the security email within your Tailscale configuration.
  2. If the activity is deemed malicious:
    • Begin your organization’s incident response process and investigate.
PREVIEWING: brett.blue/embedded-collector-release