Delinea Privilege Manager detected a bad-rated application action event

This rule is part of a beta feature. To learn more, contact Support.

Goal

Detects bad-rated application action events.

Strategy

This rule monitors the Delinea Privilege Manager logs to detect bad-rated application action events.

Triage and Response

  1. Analyze the bad-rated application action event on the computer: {{@ComputerName}}.
  2. Determine whether the flagged application {{@FileName}} located at {{@FilePath}} was executed or installed on other systems.
  3. Temporarily isolate the affected system to prevent potential spread or harm.
  4. Update the application control policy to block the flagged application.
  5. Notify the user to avoid similar activities and ensure compliance with application usage policies.
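
For step 2, one way to scope the flagged file across hosts (an added example, not part of the original rule or of Delinea's or the vendor's tooling). It assumes the events have been exported as JSON lines carrying the ComputerName, FileName and FilePath attributes named above; the export format, host names, paths and function names are constructed for illustration.

```python
import json
import re

# Constructed sample events, not real Delinea output. Only the three attribute
# names from the triage steps are used; the JSON-lines export is an assumption.
SAMPLE_EVENTS = r"""
{"ComputerName": "WS-0141", "FileName": "pdfmerge.exe", "FilePath": "C:\\Users\\alice\\Downloads\\pdfmerge.exe"}
{"ComputerName": "ws-0207", "FileName": "PDFMerge.exe", "FilePath": "C:\\Users\\bob\\Downloads\\PDFMerge.exe"}
{"ComputerName": "WS-0311", "FileName": "pdfmerge.exe", "FilePath": "D:\\Tools\\pdfmerge.exe"}
{"ComputerName": "WS-0141", "FileName": "setup.exe", "FilePath": "C:\\Temp\\setup.exe"}
"""

# Matches the per-user folder so the same download under two profiles compares equal.
_PROFILE = re.compile(r"^([a-z]:\\users\\)[^\\]+", re.IGNORECASE)

def normalise(path):
    """Lower-case a Windows path and mask the user profile folder name."""
    return _PROFILE.sub(lambda m: m.group(1) + "*", path.strip()).lower()

def load_events(text):
    """Parse one JSON event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def other_hosts(events, computer, file_name, file_path):
    """Split other hosts into same-location hits and same-name-only hits."""
    same_path, same_name = set(), set()
    for ev in events:
        host = ev["ComputerName"].upper()
        if host == computer.upper() or ev["FileName"].lower() != file_name.lower():
            continue
        if normalise(ev["FilePath"]) == normalise(file_path):
            same_path.add(host)
        else:
            same_name.add(host)
    return sorted(same_path), sorted(same_name - same_path)

if __name__ == "__main__":
    events = load_events(SAMPLE_EVENTS)
    exact, name_only = other_hosts(
        events, "WS-0141", "pdfmerge.exe", r"C:\Users\alice\Downloads\pdfmerge.exe")
    print("same file and location:", exact)
    print("same name, different location:", name_only)
```

Name and path matching only narrows the search; a renamed copy of the same file will not appear in either list.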