Tines Story Items Destruction

Panther Rules

Summary
The rule 'Tines Story Items Destruction' detects when a user destroys a story item within the Tines platform. It matches Tines audit log entries indicating that a 'StoryItemsDestruction' operation has occurred. The rule has a threshold of 1, so it triggers on the first detected instance of this action. It assigns the event an informational severity level and captures relevant user details from the logged operation, such as email, user ID, and request metadata, to help identify the source of the destruction request. The rule also includes a runbook advising personnel to confirm any reported data destruction with the concerned user to ensure the action had a valid business purpose. A deduplication period of 60 minutes suppresses repeated alerts for the same event within that window, which reduces noise and keeps attention on significant occurrences of story item destruction.
Categories
  • Cloud
  • Application
Data Sources
  • Logon Session
  • Application Log
  • User Account
Created: 2023-06-26