Techniques
Sample rules
Github Outside Collaborator Detected
- source: sigma
- technicques:
- t1098
- t1098.001
- t1098.003
- t1213
- t1213.003
Description
Detects when an organization member or an outside collaborator is added to or removed from a project board or has their permission level changed or when an owner removes an outside collaborator from an organization or when two-factor authentication is required in an organization and an outside collaborator does not use 2FA or disables 2FA.
Detection logic
condition: selection
selection:
action:
- org.remove_outside_collaborator
- project.update_user_permission