---
title: Atlassian user invited to organization as an organization administrator
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Atlassian user invited to organization
  as an organization administrator
---

# Atlassian user invited to organization as an organization administrator
Classification:attackTactic:[TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)Technique:[T1098-account-manipulation](https://attack.mitre.org/techniques/T1098) 
## Goal{% #goal %}

Detect when an Atlassian user is invited to the organization with the organizational administrator role.

## Strategy{% #strategy %}

This rule monitors Atlassian organization audit logs for when a user is invited to the organization with the organizational administrator role. An attacker may try to invite an additional identity to the organization with high-level privileges.

## Triage and response{% #triage-and-response %}

1. Determine if the user `{{@usr.email}}` intended to invite the target user as an organizational administrator:
   - Is there a related ticket tracking this change?
   - Is `{{@usr.email}}` aware of this activity?
   - Is the network metadata associated with the activity unusual for this user?
1. If the results of the triage indicate that `{{@usr.email}}` was not aware of this activity or it did not originate from a known network, begin your company's incident response process, and start an investigation.