Any new admin activity by a particular user from a given country first seen in the last 7 days. Default lookback window over all admin activity in the last 60 days.
Category: Cloud Provisioning Activity
Use Cases: Detect
Data Sources: Audit Logs - Admin Activity
| BigQuery | Chronicle |
|---|---|
| SQL | Contribute rule |
No event generation steps provided. Contribute emulation test to this use case.
No log samples provided. Contribute log samples to this use case.