SAML Token Issuer Anomaly (e3393cba-31f0-4207-831e-aef90ab17a8c)
Indicates the SAML token issuer for the associated SAML token is potentially compromised. The claims included in the token are unusual or match known attacker patterns
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
SAML Token Issuer Anomaly (e3393cba-31f0-4207-831e-aef90ab17a8c) | Sigma-Rules | Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) | Attack Pattern | 1 |