Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
5 Days |
Required Data |
|
Detection Modules |
Identity Threat Module |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A privilege was removed from a Google Workspace Role, This could potentially affect the access to services and data in the organization.
Attacker's Goals
Gain access to sensitive data stored in the workspace. Gain elevated privileges in the workspace.
Investigative actions
- Investigate who was assigned the deleted role privilege.
- Verify if the role privilege was deleted intentionally.