GitLab project visibility changed
Set up the GitLab integration.
Goal
Detects when the visibility level of a GitLab project is changed. Changes to public visibility may expose sensitive code and data to unauthorized users.
Strategy
This rule monitors the project_visibility_level_updated GitLab audit event. The detection tracks when users modify project visibility settings, which can include changes that make previously private or internal projects publicly accessible.
Triage & Response
- Verify if {{@usr.name}} had legitimate authorization to change the project visibility settings.
- Examine the specific project that was modified and determine if it contains sensitive code or data that should not be publicly accessible.
- Review the project’s previous visibility level to understand the scope of the exposure change.
- Check if the visibility change aligns with documented business requirements or approved change requests.
- Determine if any sensitive information, credentials, or proprietary code may have been inadvertently exposed through the visibility change.