Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 1 Day
Required Data |
Detection Modules | Identity Threat Module
Detector Tags | Okta Audit Analytics
ATT&CK Tactic |
ATT&CK Technique | Account Manipulation: Additional Cloud Credentials (T1098.001)
Severity | Informational
Description
A user assigned admin privileges to a new user or group.
Attacker's Goals
The attacker is attempting to gain access to sensitive information or systems and to escalate privileges, increasing their control and access within the system or network.
Investigative actions
- Reach out to the user responsible for the alert to confirm the legitimacy of the activity.
- Examine the user's actions preceding and following the activation of the alert.
- Analyze the actions carried out by the user responsible for granting permission.
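
The second and third investigative actions can be scripted against an export of Okta System Log events. The following is an added example, not part of the original page or of the detector's own logic: the event types, the field names (`published`, `eventType`, `actor.alternateId`, `target`, `debugContext.debugData.privilegeGranted`) and the one-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed Okta System Log event types for admin role assignment (the page does not name them).
GRANT_EVENTS = {"user.account.privilege.grant", "group.privilege.grant"}

def ts(event):
    # Parse the ISO 8601 'published' timestamp of a System Log event.
    return datetime.fromisoformat(event["published"].replace("Z", "+00:00"))

def triage(events, window=timedelta(hours=1)):
    """For each admin grant, list the granting actor's other actions within `window`."""
    events = sorted(events, key=ts)
    reports = []
    for grant in events:
        if grant["eventType"] not in GRANT_EVENTS:
            continue
        actor = grant["actor"]["alternateId"]
        when = ts(grant)
        nearby = [e for e in events
                  if e is not grant
                  and e["actor"]["alternateId"] == actor
                  and abs(ts(e) - when) <= window]
        reports.append({
            "actor": actor,
            "targets": [t["alternateId"] for t in grant.get("target", [])],
            "role": grant.get("debugContext", {}).get("debugData", {}).get("privilegeGranted"),
            "before": [e["eventType"] for e in nearby if ts(e) < when],
            "after": [e["eventType"] for e in nearby if ts(e) >= when],
        })
    return reports

def ev(time, event_type, actor, target=None, role=None):
    # Hypothetical helper: builds a constructed, minimal System Log record.
    e = {"published": time, "eventType": event_type,
         "actor": {"alternateId": actor},
         "target": [{"alternateId": target}] if target else []}
    if role:
        e["debugContext"] = {"debugData": {"privilegeGranted": role}}
    return e

# Constructed sample events, not real log data.
SAMPLE = [
    ev("2024-05-01T09:58:00.000Z", "user.session.start", "alice@example.com"),
    ev("2024-05-01T09:59:30.000Z", "user.mfa.factor.deactivate", "alice@example.com", "alice@example.com"),
    ev("2024-05-01T10:00:00.000Z", "user.account.privilege.grant", "alice@example.com", "newuser@example.com", "Super administrator"),
    ev("2024-05-01T10:05:00.000Z", "system.api_token.create", "alice@example.com"),
    ev("2024-05-01T10:06:00.000Z", "user.session.start", "bob@example.com"),
    ev("2024-05-01T14:00:00.000Z", "user.session.start", "alice@example.com"),
]
```

Calling `triage(SAMPLE)` returns one report per grant event; an MFA factor change just before the grant or an API token created just after it are the kinds of neighbouring actions worth raising when confirming the activity with the user.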