<  Back to rules search

Jumpcloud administrator role assigned

jumpcloud

Classification:

attack

Tactic:

Set up the jumpcloud integration.

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect when administrative privileges are provisioned to a JumpCloud user.

Strategy

This rule lets you monitor the following JumpCloud event to detect when administrative privileges are provisioned:

  • user_admin_granted

Triage and response

  1. Contact the JumpCloud administrator: {{@usr.email}} to confirm that the users or devices should have administrative privileges.
  2. If the change was not authorized, verify there are no other signals from the JumpCloud administrator: {{@usr.email}}.