LetsDefend Monitoring Alert

PAM Configuration Changed

Feb, 08, 2024, 01:30 PM

Event ID: 223

Event Time: Feb, 08, 2024, 01:30 PM

Rule Name: SOC258 - PAM Configuration Changed

Alert Type: Unauthorized Access

MITRE Technique:
T1110 - Credential Access - Brute Force,
T1133 - Initial Access - External Remote Services,
T1136 - Persistence - Create Account,
T1556 - Credential Access - Modify Authentication Process,
T1059.004 - Execution - Command and Scripting Interpreter: Unix Shell,
T1556.003 - Persistence - Modify Authentication Process: Pluggable Authentication Modules

Severity: Medium

Incident Responder
