Techniques
Sample rules
Okta Admin Role Assignment Created
- source: sigma
- techniques:
Description
Detects when a new admin role assignment is created, which could be a sign of privilege escalation or persistence.
Detection logic
condition: selection
selection:
  eventtype: iam.resourceset.bindings.add