Tailscale security email modified

Documentos > Datadog Security > OOTB Rules > Tailscale security email modified

Classification:

attack

Tactic:

TA0005-defense-evasion

Technique:

T1562-impair-defenses

Set up the tailscale integration.

Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Goal

Detect when the Tailscale security issues email has been modified.

Strategy

This rule monitors Tailscale logs when the security issues email has been modified. The Tailscale security issues email is used for notifications about security issues affecting your tailnet. An unauthorized entity modifying this email could be an indicator of a compromised tailscale tenant owner or an insider threat.

Triage and response

Investigate the user {{@usr.email}} that modified the security email within your Tailscale configuration.
If the activity is deemed malicious:
- Begin your organization’s incident response process and investigate.