<  Back to rules search

Jumpcloud policy created

jumpcloud

Classification:

attack

Tactic:

Set up the jumpcloud integration.

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect when a JumpCloud policy is created.

Strategy

This rule lets you monitor the following JumpCloud event to detect when a policy is created:

  • @evt.name:policy_create

Triage and response

  1. Contact the JumpCloud administrator {{@usr.email}} to confirm if the policy creation was intended.
  2. If the change was not authorized, verify there are no other signals from the administrator:{{@usr.email}}.