LastPass activity from a Tor client IP address
Set up the lastpass integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect LastPass activity observed from a Tor exit node.
Strategy
Monitor LastPass event logs and IP address associated with it to determine whether activity is observed from a Tor client. Datadog enriches all ingested logs with expert-curated threat intelligence in real-time.
Triage and response
- Determine if the user:
{{@usr.name}} from IP address: {{@network.client.ip}} should have performed activity: {{@evt.name}}. - Investigate the user’s recent activity and login history to identify potential anomalies.
- If the activity is deemed suspicious, consider escalating the incident to the security team for further investigation and potential remediation.
