<  Back to rules search

Jumpcloud policy modified

jumpcloud

Classification:

attack

Tactic:

Set up the jumpcloud integration.

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect when a JumpCloud policy is modified.

Strategy

This rule lets you monitor the following JumpCloud event to detect when a policy is modified:

  • @evt.name:policy_update

Triage and response

  1. Contact the JumpCloud administrator {{@usr.email}} to confirm if the policy modification(s) was intended.
  2. If the change was not authorized, verify there are no other signals from the administrator:{{@usr.email}}.