Delinea Privilege Manager unusual spike in password disclosure events by a requesting user

This rule is part of a beta feature. To learn more, contact Support.

Goal

Detects an unusual spike in password disclosure events by a requesting user.

Strategy

This rule monitors Delinea Privilege Manager logs to detect an unusual spike in password disclosure events by a requesting user.
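An added example, not the rule's own logic: the page does not state how the spike is measured, so this sketch assumes hourly counts per requesting user compared against a median plus MAD baseline. The events are constructed, and the `ts` field, the thresholds `k` and `min_events`, and the user names are assumptions; only `RequestingUser` comes from this page.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

START = datetime(2024, 1, 1)   # constructed observation window start
HOURS = 8                      # 7 baseline hours + 1 evaluated hour

def make_events(user, per_hour):
    """Build constructed disclosure events: per_hour[i] events in hour i."""
    return [{"ts": START + timedelta(hours=h, minutes=m), "RequestingUser": user}
            for h, n in enumerate(per_hour) for m in range(n)]

# Constructed sample data, not real Delinea Privilege Manager logs.
SAMPLE = (make_events("alice", [1, 2, 1, 0, 2, 1, 1, 12])   # sudden burst
          + make_events("bob", [3, 4, 3, 5, 4, 3, 4, 5])    # busy but steady
          + make_events("carol", [0, 0, 0, 0, 0, 0, 0, 2])) # new, low volume

def hourly_counts(events, start=START, hours=HOURS):
    """Return {user: [events per hour]} with empty hours zero-filled."""
    counts = defaultdict(lambda: [0] * hours)
    for ev in events:
        idx = (ev["ts"] - start) // timedelta(hours=1)
        if 0 <= idx < hours:
            counts[ev["RequestingUser"]][idx] += 1
    return dict(counts)

def find_spikes(events, k=3.0, min_events=5):
    """Flag users whose last-hour count exceeds median + k * MAD of earlier hours."""
    spikes = {}
    for user, series in hourly_counts(events).items():
        baseline, current = series[:-1], series[-1]
        med = median(baseline)
        mad = median([abs(c - med) for c in baseline])
        # Floor the MAD at 1 so a flat baseline does not alert on a single extra event.
        threshold = med + k * max(mad, 1.0)
        if current >= min_events and current > threshold:
            spikes[user] = {"current": current, "median": med, "threshold": threshold}
    return spikes

if __name__ == "__main__":
    for user, info in find_spikes(SAMPLE).items():
        print(user, info)
```

Comparing each user against their own history keeps a consistently busy requester from alerting, while the `min_events` floor suppresses low-volume users who have no baseline yet.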

Triage and Response

  1. Reach out to the requesting user, {{@RequestingUser}}, to clarify whether the password disclosure activity was intentional or possibly unauthorized.
  2. Investigate affected accounts to determine if they belong to critical systems, privileged users, or sensitive roles.
  3. Analyze patterns in disclosure requests, such as unusual IP addresses or locations.
  4. Temporarily restrict or disable access to impacted accounts if the activity appears unauthorized.
  5. Reset passwords for affected accounts to prevent potential misuse.
  6. Update access roles and refine disclosure policies to prevent future incidents.