Classification:

attack

Tactic:

TA0003-persistence

Technique:

T1098-account-manipulation

VIEW RULE IN DATADOG VIEW SIGNALS

Goal

Detect when a Cloudflare CASB finding is observed.

Strategy

Cloudflare’s Cloud Access Security Broker (CASB) scans SaaS integrations for various misconfigurations, and security issues that can occur after a user has successfully logged in. These scans result in findings that detail the security issues detected within the SaaS application.

Triage & response

Investigate the asset {{@AssetDisplayName}} involved in the finding: {{@FindingTypeDisplayName}}from the {{@IntegrationDisplayName}} integration.