GitLab group visibility changed to public

gitlab

Classification:

attack

Tactic:

TA0009-collection

Technique:

T1213-data-from-information-repositories

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detect when a GitLab group visibility changes from private to public.

Strategy

This rule monitors GitLab audit logs for changes indicated by group_visibility_level_updated.

An unintended change to public visibility can allow valuable information about the GitLab group and associated repositories to be viewed by a potential attacker.

Triage and response

  1. Determine whether the change{{@custom_message}} made by {{@usr.name}} is expected.
  2. If the change was not authorized or unexpected, begin your organization’s incident response process and investigate.