LoFP / a group can be modified for legitimate purposes.

Techniques

Sample rules

FortiGate - User Group Modified

Description

Detects the modification of a user group on a Fortinet FortiGate Firewall. The group could be used to grant VPN access to a network.

Detection logic

condition: selection
selection:
  action: Edit
  cfgpath: user.group
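
The detection logic above, applied to FortiGate-style key=value event lines, as an added example that is not part of the original rule or of the LoFP project. The log lines are constructed, the fields other than action and cfgpath (user, ui, cfgobj, cfgattr) are assumed to follow FortiGate's configuration-change event format, and EXPECTED_ADMINS is a hypothetical list used to separate routine group edits from ones worth a closer look.

```python
import re

# key=value pairs; values may be double-quoted and contain spaces
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Constructed sample events, not taken from a real device
SAMPLE_LOGS = [
    'date=2024-05-01 time=10:00:01 type="event" subtype="system" user="admin" '
    'ui="GUI(10.0.0.5)" action="Edit" cfgpath="user.group" cfgobj="SSLVPN-Users" '
    'cfgattr="member[alice->alice bob]"',
    'date=2024-05-01 time=23:41:09 type="event" subtype="system" user="svc-backup" '
    'ui="ssh(203.0.113.7)" action="Edit" cfgpath="user.group" cfgobj="SSLVPN-Users" '
    'cfgattr="member[alice bob->alice bob tmp1]"',
    'date=2024-05-01 time=10:05:00 type="event" subtype="system" user="admin" '
    'ui="GUI(10.0.0.5)" action="Edit" cfgpath="firewall.policy" cfgobj="12"',
    'date=2024-05-01 time=10:06:00 type="event" subtype="system" user="admin" '
    'ui="GUI(10.0.0.5)" action="Add" cfgpath="user.local" cfgobj="bob"',
]

# Hypothetical list of accounts expected to manage groups (assumption)
EXPECTED_ADMINS = {"admin"}

def parse(line):
    """Turn one key=value log line into a dict."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}

def matches(event):
    """Same condition as the rule's selection; Sigma compares strings case-insensitively."""
    return (event.get("action", "").lower() == "edit"
            and event.get("cfgpath", "").lower() == "user.group")

def triage(lines, expected=EXPECTED_ADMINS):
    """Return the context an analyst needs for each matching event."""
    hits = []
    for line in lines:
        ev = parse(line)
        if matches(ev):
            hits.append({
                "time": f'{ev.get("date", "")} {ev.get("time", "")}'.strip(),
                "user": ev.get("user", ""),
                "ui": ev.get("ui", ""),
                "group": ev.get("cfgobj", ""),
                "change": ev.get("cfgattr", ""),
                "expected_actor": ev.get("user", "") in expected,
            })
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOGS):
        print(hit)
```

Both group edits match the rule; only the second, made by an account outside the expected list, is marked for follow-up.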