---
title: >-
  Delinea Privilege Manager unusual spike in password disclosure events by a
  requesting user
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Delinea Privilege Manager unusual spike
  in password disclosure events by a requesting user
---

# Delinea Privilege Manager unusual spike in password disclosure events by a requesting user

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}
Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1555-credentials-from-password-stores](https://attack.mitre.org/techniques/T1555) 
## Goal{% #goal %}

Detects an unusual spike in password disclosure events by a requesting user.

## Strategy{% #strategy %}

This rule monitors Delinea Privilege Manager logs to detect an unusual spike in password disclosure events by a requesting user.

## Triage and Response{% #triage-and-response %}

1. Reach out to the requesting user: `{{@RequestingUser}}` to clarify if the password disclosure activity was intentional or possibly unauthorized.
1. Investigate affected accounts to determine if they belong to critical systems, privileged users, or sensitive roles.
1. Analyze patterns in disclosure requests, such as unusual IP addresses, locations.
1. Temporarily restrict or disable access to impacted accounts if the activity appears unauthorized.
1. Reset passwords for affected accounts to prevent potential misuse.
1. Update access roles and refine disclosure policies to prevent future incidents.