Techniques
Sample rules
Roles Are Not Being Used
- source: sigma
- techniques:
  - t1078
Description
Identifies when a user has been assigned a privileged role and is not using that role.
Detection logic
condition: selection
selection:
  riskEventType: redundantAssignmentAlertIncident
Stale Accounts In A Privileged Role
- source: sigma
- techniques:
  - t1078
Description
Identifies when an account hasn’t signed in during the past n number of days.
Detection logic
condition: selection
selection:
  riskEventType: staleSignInAlertIncident