Hunting-Queries-Detection-Rules
Add monitoring for cloud break glass accounts
Hey there. This detection rule would be able to detect if any activity is performed from a cloud break glass account. This helps to monitor any activities performed by these accounts.
Hi, thank you for the request. Can you change the Sentinel query to match the tables available in Sentinel?
@Bert-JanP sorry, I thought the tables were available in Sentinel too from my research. I have now removed the Sentinel Query (at the moment I don't have access to a Sentinel Environment).
No problem at all! I will add the Sentinel table in there with the same logic once I return from the EU Cloud Summit. Thanks for this addition!