Techniques
Sample rules
User Removed From Group With CA Policy Modification Access
- source: sigma
- techniques:
  - t1548
  - t1556
Description
Monitor and alert when a member is removed from a group that has Conditional Access (CA) policy modification access.
Detection logic
condition: selection
selection:
    properties.message: Remove member from group
User Added To Group With CA Policy Modification Access
- source: sigma
- techniques:
  - t1548
  - t1556
Description
Monitor and alert when a member is added to a group that has Conditional Access (CA) policy modification access.
Detection logic
condition: selection
selection:
    properties.message: Add member from group
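
Both selections above match on the message text alone, so the "CA policy modification access" scoping in the descriptions has to be supplied when the rules are deployed. The following is an added example, not part of the Sigma rules: it applies the two selections to constructed audit events and keeps only hits on a watchlist of groups. The nested event layout, the `properties.targetGroup` and `properties.initiatedBy` fields, and the group names are assumptions made for illustration.

```python
# Added example (not from the Sigma project): evaluate the page's two
# selections and scope the hits to groups that can modify CA policies.
# Assumed, not from the page: event layout, targetGroup/initiatedBy fields,
# and every group and user name below.
RULES = {
    "User Removed From Group With CA Policy Modification Access":
        {"properties.message": "Remove member from group"},
    "User Added To Group With CA Policy Modification Access":
        {"properties.message": "Add member from group"},
}
CA_ADMIN_GROUPS = {"ca-policy-admins", "security-admins"}  # hypothetical watchlist

def get_field(event, dotted):
    """Resolve a dotted field name against a nested dict; None if absent."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def selection_matches(event, selection):
    """Sigma plain-string semantics: all fields ANDed, case-insensitive equality."""
    for field, expected in selection.items():
        value = get_field(event, field)
        if not isinstance(value, str) or value.lower() != expected.lower():
            return False
    return True

def detect(events, watchlist=CA_ADMIN_GROUPS):
    """Return (rule title, group, actor) for matches on watchlisted groups only."""
    alerts = []
    for ev in events:
        group = (get_field(ev, "properties.targetGroup") or "").lower()
        if group not in watchlist:
            continue  # membership change on a group without CA policy access
        for title, selection in RULES.items():
            if selection_matches(ev, selection):
                alerts.append((title, group, get_field(ev, "properties.initiatedBy")))
    return alerts

def _ev(message, group, actor):
    return {"properties": {"message": message, "targetGroup": group, "initiatedBy": actor}}

SAMPLE_EVENTS = [  # constructed events, not real log data
    _ev("Remove member from group", "CA-Policy-Admins", "alice@example.com"),
    _ev("Add member from group", "Helpdesk", "bob@example.com"),
    _ev("add member from group", "security-admins", "carol@example.com"),
    _ev("Update user", "ca-policy-admins", "dave@example.com"),
    {"category": "SignInLogs"},  # no properties block at all
]
```

Without the watchlist filter, the Helpdesk event would also alert, which is the noise the rule descriptions imply should be scoped out.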