Delinea Privilege Manager detected a bad-rated application action event

This rule is part of a beta feature. To learn more, contact Support.

Classification:

attack

Tactic:

Technique:

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detects bad-rated application action events.

This rule monitors the Delinea Privilege Manager logs to detect bad-rated application action events.

Analyze the bad-rated application action event on the computer: {{@ComputerName}}.
Determine whether the flagged application {{@FileName}} located at {{@FilePath}} was executed or installed on other systems.
Temporarily isolate the affected system to prevent potential spread or harm.
Update the application control policy to block the flagged application.
Notify the user to avoid similar activities and ensure compliance with application usage policies.