heroui logo

OneLogin User Password Changed

Panther Rules

View Source
Summary
The OneLogin Password Changed detection rule is designed to monitor and alert on password changes performed by users within the OneLogin identity management system. The rule captures events related to user password updates and can differentiate between legitimate password changes by the user or unauthorized changes potentially made by malicious actors. It generates logs when a user changes their password or when an admin attempts to change another user's password. Events are categorized with specific event type IDs to facilitate accurate detection and responses. This rule plays a crucial role in ensuring that any unauthorized access or attempts to gain control over user accounts are quickly identified and addressed.
Categories
  • Identity Management
  • Cloud
  • Application
Data Sources
  • User Account
  • Application Log
  • Cloud Service
Created: 2022-09-02