all InfoSec News
Runbook for 'Suspected Identity Theft - Pass The Ticket'
June 29, 2024, 4:26 p.m. | /u/Evocablefawn566
cybersecurity www.reddit.com
I'm seeing quite a few alerts coming in that are 'Suspected Identity Theft - Pass The Ticket' from Sentinel.
I'm really not too sure how to handle these.
Essentially, what I am seeing:
Alerting computer: (Laptop1)
DC: (DC1)
User: User
What I do:
I check sign in logs, look for abnormalities
Check the IP's/Devices and make sure the user/device is trying to access internal resources, not an unknown account accessing internal resources
Not sure what else to …
alerting alerts check coming computer cybersecurity identity identity theft logs pass sentinel sign theft ticket
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
Security Program Manager
@ PwC | Dublin - One Spencer Dock
Risk Services, Digital Audit - Associate / Senior Associate
@ PwC | Singapore - Marina One
Risk Services, Digital Audit - Manager
@ PwC | Singapore - Marina One
Director, Performance Marketing & Revenue Analytics
@ Proofpoint | Sunnyvale, CA
Regulated Data Program Manager - University Information Services – Georgetown University
@ Georgetown University | 2115 Wisconsin Ave 3rd Floor
Security Monitoring and Response Analyst II - (SOC)
@ Mastercard | Pune, India