Delinea Privilege Manager detected a bad-rated application action event

This rule is part of a beta feature. To learn more, contact Support.

Goal

Detects bad-rated application action events.

Strategy

This rule monitors the Delinea Privilege Manager logs to detect bad-rated application action events.

Triage and Response

  1. Analyze the bad-rated application action event on the computer: {{@ComputerName}}.
  2. Determine whether the flagged application {{@FileName}} located at {{@FilePath}} was executed or installed on other systems.
  3. Temporarily isolate the affected system to prevent potential spread or harm.
  4. Update the application control policy to block the flagged application.
  5. Notify the user to avoid similar activities and ensure compliance with application usage policies.
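
Step 2 of the triage can be scripted once the matching events are exported. The following is an added example, not code from the rule or from Delinea: it assumes the events are available as JSON lines carrying the three attributes named above (`ComputerName`, `FileName`, `FilePath`), and the host names and paths are constructed sample data.

```python
import json
import re
from collections import defaultdict

# Constructed sample events (not real Delinea output). Only the three
# attributes named in the triage steps are assumed to be present.
SAMPLE_EVENTS = r"""
{"ComputerName": "WS-0142", "FileName": "tool.exe", "FilePath": "C:\\Users\\alice\\Downloads\\tool.exe"}
{"ComputerName": "WS-0207", "FileName": "TOOL.EXE", "FilePath": "c:\\users\\bob\\downloads\\tool.exe"}
{"ComputerName": "WS-0142", "FileName": "tool.exe", "FilePath": "C:\\Users\\alice\\Downloads\\tool.exe"}
{"ComputerName": "SRV-0009", "FileName": "tool.exe", "FilePath": "D:\\Temp\\tool.exe"}
{"ComputerName": "WS-0311", "FileName": "other.exe", "FilePath": "C:\\Temp\\other.exe"}
"""

# Matches the drive, "\users\" and the profile folder that follows it.
_PROFILE = re.compile(r"^([a-z]:\\users\\)[^\\]+", re.IGNORECASE)

def normalize_path(path):
    """Lower-case a Windows path and mask the per-user profile folder."""
    return _PROFILE.sub(lambda m: m.group(1) + "*", path.strip().lower())

def load_events(text):
    """Parse one JSON event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def scope_flagged_file(events, alert_host, file_name):
    """Map each normalized path of the flagged file to the other hosts that reported it."""
    hosts_by_path = defaultdict(set)
    for ev in events:
        if ev.get("FileName", "").lower() != file_name.lower():
            continue
        path = normalize_path(ev.get("FilePath", ""))
        hosts_by_path[path].add(ev.get("ComputerName", "").upper())
    return {p: sorted(h - {alert_host.upper()}) for p, h in hosts_by_path.items()}

if __name__ == "__main__":
    for path, hosts in scope_flagged_file(load_events(SAMPLE_EVENTS), "WS-0142", "tool.exe").items():
        print(f"{path}: {', '.join(hosts) or 'no other hosts'}")
```

Matching on file name alone misses renamed copies, so treat an empty result as "not seen under this name" rather than "not present".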