Tailscale user role updated
Set up the tailscale integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
Detect when a Tailscale user’s role is updated.
Strategy
This rule monitors Tailscale logs for when a user’s role is updated. This could be a privilege escalation vector for an attacker looking to bypass restrictions from a lower privileged user.
Triage and response
- Investigate the user
{{@usr.email}}
that performed the UPDATE action on user {{@target.name}}
. - Compare the previous roles
{{@old}}
with the new role updates containing the {{@new}}
role and confirm that they should be assigned to the user {{@target.name}}
. - If the activity is deemed malicious:
- Begin your organization’s incident response process and investigate.