<  Back to rules search

Jumpcloud administrator role assigned

jumpcloud

Classification:

attack

Tactic:

Set up the jumpcloud integration.

Goal

Detect when administrative privileges are provisioned to a JumpCloud user.

Strategy

This rule lets you monitor the following JumpCloud event to detect when administrative privileges are provisioned:

  • user_admin_granted

Triage and response

  1. Contact the JumpCloud administrator: {{@usr.email}} to confirm that the users or devices should have administrative privileges.
  2. If the change was not authorized, verify there are no other signals from the JumpCloud administrator: {{@usr.email}}.