Asana role change to admin or super-admin detected
Set up the asana integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
Identify role changes to admin or super-admin, as these could indicate privilege escalation attempts or improper access assignments.
Strategy
This rule monitors log events specifically for changes where roles are elevated to admin or super-admin. It aims to detect unauthorized access or misconfigurations that could impact system security.
Triage and response
- Examine the logs to identify the user
{{@usr.email}} whose role was changed to admin or super-admin and determine the initiator of the change {{@resource.email}}. - Confirm if the role change was expected or authorized by consulting relevant stakeholders or referring to change management records.
- Analyze whether the user or initiator has recently engaged in unusual or high-risk activities, which could indicate a compromised account or intentional misuse.
- If the role change is unauthorized, consider reverting the role, notifying affected parties, and initiating a security review.
