BambooHR
Communication and Collaboration
BambooHR - CRM platform with marketing, sales, and customer service tools.
Detection Rules for BambooHR CRM
These detection rules target BambooHR’s cloud-based HR software, designed to monitor unauthorized access, data manipulation, and irregular activities in employee management. They ensure protection of sensitive employee data, track suspicious behavior, and help prevent insider and external threats to HR operations.
Provider: BambooHR
Detection Rule | MITRE Tactic | MITRE Technique | Criticality |
---|---|---|---|
Unauthorized Access Attempts | Credential Access | T1078 - Valid Accounts | High |
Data Exfiltration via API | Exfiltration | T1041 - Exfiltration Over Command and Control Channel | Critical |
Anomalous User Activity | Discovery | T1087 - Account Discovery | Medium |
Changes to Sensitive Employee Data | Impact | T1491 - Defensible Data Deletion | High |
Suspicious Login Locations | Credential Access | T1078 - Valid Accounts | High |
Large Volume of Data Downloads | Exfiltration | T1041 - Exfiltration Over Command and Control Channel | High |
Failed Login Attempts | Credential Access | T1078 - Valid Accounts | Medium |
API Abuse for Unauthorized Actions | Impact | T1098 - Account Manipulation | Critical |
Malicious File Uploads | Execution | T1203 - Exploitation for Client Execution | Critical |
User Account Changes | Discovery | T1087 - Account Discovery | Medium |
APIs and Their Scopes
App: HubSpot | API Required | Scope Required | Usage |
---|---|---|---|
Unauthorized Access Attempts | BambooHR API | employees:read, auditLogs:read | Access to employee data and audit logs for monitoring logins. |
Data Exfiltration via API | BambooHR API | employee.read, data.download | Access to employee data and API access logs. |
Anomalous User Activity | BambooHR API | employee.read, audit.read | Access to user activity logs and audit trails. |
Changes to Sensitive Employee Data | BambooHR API | employee.read, employee.update | Access to employee records and update logs. |
Suspicious Login Locations | BambooHR API | employee.read | Access to read login location data for employees. |
Large Volume of Data Downloads | BambooHR API | data.download | Access to monitor and log data download activities. |
Failed Login Attempts | BambooHR API | employee.read | Access to read failed login attempts and security logs. |
API Abuse for Unauthorized Actions | BambooHR API | employee.read, audit.read | Access to audit logs for monitoring API calls and user actions. |
Malicious File Uploads | BambooHR API | employee.read, file.upload | Access to read uploaded file data and perform scans. |
User Account Changes | BambooHR API | employee.read, employee.update | Access to changes made to employee accounts and profiles. |
Reports and Widgets for CISO
Report Name | Widgets | Description |
---|---|---|
Unauthorized Access Attempts | Line chart of failed login attempts over time; List of top 10 IPs with failed attempts; Pie chart of access attempts by user role | Overview of failed login attempts and suspicious access. |
Data Exfiltration Alerts | Bar chart of data download volume per user; Heatmap of data download activities by time of day; List of flagged files downloaded | Summary of data downloads and potential exfiltration activities |
Anomalous User Activity | Scatter plot of user logins by time and location; User activity timeline; List of users exhibiting unusual access patterns | Insights into unusual user behaviors and patterns |
Sensitive Data Changes | Table of recent changes to sensitive data; Line chart of changes over time; Bar chart of changes by user role | Log of modifications made to sensitive employee data |
Login Location Analysis | Map visualizing login locations; List of recent logins from suspicious locations; Bar chart of logins by region | Overview of login locations and patterns |
Data Download Volume | Line chart showing total download volume over time; Top 10 files downloaded; User download activity breakdown | Analysis of download activity within the system |
Failed Login Reports | Bar chart of failed login attempts per user; Line chart of failed attempts over time; List of IPs with highest failed attempts | Summary of failed login attempts to track potential breaches |
API Usage Statistics | Bar chart of API calls by endpoint; Line chart of API usage over time; Table of unusual API access patterns | Monitoring of API calls and potential abuse |
Malicious File Uploads | List of flagged uploads with details; Bar chart of uploads by user; Timeline of malicious file uploads | Tracking and reporting of uploaded files flagged as malicious |
Account Changes Overview | Table of recent account changes; Bar chart of changes by user role; Pie chart of changes by department | Summary of changes to user accounts within BambooHR |