GitHub MFA requirement disabled
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect when a GitHub multi-factor authentication (MFA) requirement has been disabled.
Strategy
This rule monitors GitHub audit logs for when a GitHub MFA requirement has been disabled. The requirement for members to have two-factor authentication enabled to access an enterprise/organization was disabled. Attackers may may disable or modify MFA mechanisms to enable persistent access to compromised accounts.
Triage and response
- Determine if the change taken by
{{@github.actor}}
is authorized. - If the change was not authorized or was unexpected, begin your organization’s incident response process and investigate.