Tailscale user role updated
Set up the tailscale integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect when a Tailscale user’s role is updated.
Strategy
This rule monitors Tailscale logs for when a user’s role is updated. This could be a privilege escalation vector for an attacker looking to bypass restrictions from a lower privileged user.
Triage and response
- Investigate the user
{{@usr.email}} that performed the UPDATE action on user {{@target.name}}. - Compare the previous roles
{{@old}} with the new role updates containing the {{@new}} role and confirm that they should be assigned to the user {{@target.name}}. - If the activity is deemed malicious:
- Begin your organization’s incident response process and investigate.
