Delinea Privilege Manager unusual spike in password disclosure events by a requesting user

This rule is part of a beta feature. To learn more, contact Support.

Goal

Detects an unusual spike in password disclosure events by a requesting user.

Strategy

This rule monitors Delinea Privilege Manager logs to detect an unusual spike in password disclosure events by a requesting user.
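
The following is an added example, not the rule's own logic or code from the vendor: a simplified per-user spike check that an analyst could run over exported disclosure events during triage. The (timestamp, requesting user) tuple layout, the hourly buckets, and the mean plus k standard deviations threshold are all assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def hourly_counts(events):
    """Count disclosure events per requesting user and hour bucket."""
    counts = defaultdict(Counter)
    for ts, user in events:
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0)
        counts[user][hour] += 1
    return counts

def find_spikes(events, now, baseline_hours=24, k=3.0, min_events=5):
    """Return {user: (current_count, threshold)} for users over their own baseline."""
    current = now.replace(minute=0, second=0, microsecond=0)
    spikes = {}
    for user, per_hour in hourly_counts(events).items():
        # Hours without events count as zero, so rarely active users get a low baseline.
        history = [per_hour.get(current - timedelta(hours=h), 0)
                   for h in range(1, baseline_hours + 1)]
        # min_events is a floor that keeps one or two requests from alerting.
        threshold = max(mean(history) + k * pstdev(history), min_events)
        if per_hour.get(current, 0) > threshold:
            spikes[user] = (per_hour[current], round(threshold, 2))
    return spikes

def sample_events(now):
    """Constructed sample data, not real Privilege Manager logs."""
    def at(hours_ago, n, user):
        return [((now - timedelta(hours=hours_ago)).isoformat(), user)] * n
    events = []
    for h in range(1, 25):
        events += at(h, 8 if h % 2 else 12, "carol")  # busy but steady account
        if h % 4 == 0:
            events += at(h, 1, "bob")                  # occasional requests
    return events + at(0, 15, "carol") + at(0, 12, "bob")

NOW = datetime(2024, 5, 1, 12, 30)  # constructed reference time

if __name__ == "__main__":
    for user, (count, limit) in find_spikes(sample_events(NOW), NOW).items():
        print(f"{user}: {count} disclosures this hour, threshold {limit}")
```

In the sample, the steady account with 15 disclosures stays under its own threshold, while the occasional requester with 12 is flagged, which is why the baseline is kept per requesting user.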

Triage and Response

  1. Reach out to the requesting user ({{@RequestingUser}}) to clarify whether the password disclosure activity was intentional or possibly unauthorized.
  2. Investigate affected accounts to determine if they belong to critical systems, privileged users, or sensitive roles.
  3. Analyze patterns in disclosure requests, such as unusual IP addresses or locations.
  4. Temporarily restrict or disable access to impacted accounts if the activity appears unauthorized.
  5. Reset passwords for affected accounts to prevent potential misuse.
  6. Update access roles and refine disclosure policies to prevent future incidents.