GitLab group visibility changed to public

Goal

Detect when a GitLab group visibility changes from private to public.

Strategy

This rule monitors GitLab audit logs for group visibility changes, which are recorded as group_visibility_level_updated events.

An unintended change to public visibility can allow valuable information about the GitLab group and associated repositories to be viewed by a potential attacker.
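
The check described above, as an added Python example that is not part of the rule's own definition. Only the event name group_visibility_level_updated and the usr.name attribute come from this page; the other field names (event_type, details.from, details.to, group, time) and the sample records are constructed assumptions.

```python
import json

# GitLab's numeric visibility levels; a log may carry the number or the name.
LEVELS = {"0": "private", "10": "internal", "20": "public"}

def normalize(value):
    """Map 'Private', 'public', 20 or '0' to a lowercase level name."""
    text = str(value).strip().lower()
    return LEVELS.get(text, text)

def find_public_exposures(lines):
    """Return one finding per record that moves a group from private to public."""
    findings = []
    for raw in lines:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        if not isinstance(event, dict):
            continue
        if event.get("event_type") != "group_visibility_level_updated":
            continue
        details = event.get("details") or {}
        old, new = normalize(details.get("from")), normalize(details.get("to"))
        if old == "private" and new == "public":
            findings.append({
                "time": event.get("time"),
                "group": event.get("group"),
                "user": (event.get("usr") or {}).get("name", "unknown"),
            })
    return findings

# Constructed sample records (assumed field layout, not real GitLab output).
SAMPLE_LOG = [
    '{"time":"2024-05-01T09:00:00Z","event_type":"group_visibility_level_updated","group":"platform","usr":{"name":"alice"},"details":{"from":"Private","to":"Public"}}',
    '{"time":"2024-05-01T09:05:00Z","event_type":"group_visibility_level_updated","group":"docs","usr":{"name":"carol"},"details":{"from":"Public","to":"Private"}}',
    '{"time":"2024-05-01T09:10:00Z","event_type":"group_visibility_level_updated","group":"tools","usr":{"name":"dave"},"details":{"from":"Internal","to":"Public"}}',
    '{"time":"2024-05-01T09:15:00Z","event_type":"group_visibility_level_updated","group":"billing","usr":{"name":"bob"},"details":{"from":0,"to":20}}',
    '{"time":"2024-05-01T09:20:00Z","event_type":"group_created","group":"sandbox","usr":{"name":"erin"},"details":{}}',
    '{"time":"2024-05-01T09:25:00Z","event_type":"group_visibility_level_upd',
]

if __name__ == "__main__":
    for finding in find_public_exposures(SAMPLE_LOG):
        print(finding)
```

The internal-to-public record is deliberately not flagged, because the goal stated on this page is the private-to-public transition.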

Triage and response

  1. Determine whether the change{{@custom_message}} made by {{@usr.name}} is expected.
  2. If the change was unauthorized or unexpected, begin your organization’s incident response process and investigate.