Policies
SCKIPT is an initiative created by Sergio Albea that focuses on detecting user behaviours that can put the security of our systems at risk. More explanations here.
Initially, SCKIPT focused on the behaviour of Standard Users, meaning accounts with no privileges or advanced roles. In 2025, it was upgraded to include the monitoring of Privileged User behaviour, ensuring that they do not abuse their assigned roles and that all their activities are effectively tracked.
UB – User Behaviour; Rp – Related Page; K – KQL Queries; W – WebSites; M – MITRE ATT&CK Reference
SCKIPT User Behaviour Matrix (Privileged Users)

Source (UB) | Case Scenario (C) | Known Interactions (K) | Protection (P) | Threats (T) |
---|---|---|---|---|
PUB3. Policies | PUB3.C1 – Exceptions | PUB3.C1.K1 – Add exceptions to policies to bypass the corresponding controls | PUB3.C1.K1 – Monitor all exception changes in policies; require additional approval to add exceptions | PUB3.C1.K1.T1 – Non-approved exceptions added to policies; threats not detected due to the added exceptions |
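
One way to implement the PUB3.C1 protection (monitor exception changes and require approval for them), as an added example that is not part of SCKIPT's own query set. The `PolicyChanges` and `Approvals` tables, their columns and every row are constructed placeholders; replace them with the audit source of the policy engine in use and with the approval or ticketing export.

```kql
// Constructed sample data (hypothetical schema, not a real Sentinel/Defender table):
// one row per policy modification, with the exception list before and after the change.
let PolicyChanges = datatable(TimeGenerated:datetime, Actor:string, PolicyName:string,
                              OldExceptions:dynamic, NewExceptions:dynamic)
[
    datetime(2025-03-01 09:12:00), "admin.a@example.test", "MFA-AllUsers",
        dynamic(["grp-breakglass"]), dynamic(["grp-breakglass", "grp-legacy-apps"]),
    datetime(2025-03-02 14:40:00), "admin.b@example.test", "MFA-AllUsers",
        dynamic(["grp-breakglass", "grp-legacy-apps"]), dynamic(["grp-breakglass", "grp-legacy-apps", "svc-scanner"]),
    datetime(2025-03-03 08:05:00), "admin.c@example.test", "Device-Compliance",
        dynamic([]), dynamic(["kiosk-lobby-01"]),
    datetime(2025-03-04 11:30:00), "admin.a@example.test", "Device-Compliance",
        dynamic(["kiosk-lobby-01"]), dynamic(["kiosk-lobby-01"])   // no exception added
];
// Constructed approval records (hypothetical export from a change or ticketing system).
let Approvals = datatable(ApprovedAt:datetime, PolicyName:string, ExceptionValue:string, Approver:string)
[
    datetime(2025-02-28 16:00:00), "MFA-AllUsers", "grp-legacy-apps", "ciso@example.test",
    datetime(2025-03-03 07:00:00), "Device-Compliance", "kiosk-lobby-01", "admin.c@example.test"
];
PolicyChanges
// Keep only changes that ADD exceptions; removals and unrelated edits are ignored.
| extend Added = set_difference(NewExceptions, OldExceptions)
| where array_length(Added) > 0
// One row per added exception so each can be matched to its own approval.
| mv-expand ExceptionValue = Added to typeof(string)
| join kind=leftouter (Approvals) on PolicyName, ExceptionValue
| extend Finding = case(
    isempty(Approver),           "No approval record",
    Approver =~ Actor,           "Approved by the same account that made the change",
    ApprovedAt > TimeGenerated,  "Approved after the change was made",
                                 "Approved")
| where Finding != "Approved"
| project TimeGenerated, Actor, PolicyName, ExceptionValue, Finding, Approver, ApprovedAt
| order by TimeGenerated asc
```

The self-approval branch covers the privileged-user case this matrix targets: an approval record exists, but it does not represent an independent second reviewer.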