Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
5 Days |
Required Data |
|
Detection Modules |
Identity Threat Module |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
Admin privileges were granted to a Google Workspace user. This user now has access to additional administrative functions and settings.
Attacker's Goals
Gain access to sensitive data stored in Google Workspace. Manipulate or delete data stored in Google Workspace. Gain access to privileged features in Google Workspace.
Investigative actions
- Check which Google Workspace user was granted the admin privileges.
- Check if the user is authorized to be granted such privileges.
- Review the audit logs to determine the actions taken by the user.