scope-drift-detection-user
Community
Detect user account scope creep.
Data & Analytics
#user behavior #entitlements #scope drift #security monitoring #access creep #identity security
Author: msandbu
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill detects "scope drift" – the gradual, often imperceptible expansion of access or behavior beyond an established baseline – in Entra ID user accounts, which can evade traditional threshold-based detections.
Core Features & Use Cases
- Behavioral Baseline: Establishes a 90-day baseline for user sign-ins (interactive and non-interactive).
- Drift Scoring: Computes weighted drift scores across multiple dimensions (applications, IPs, locations, etc.).
- Corroboration: Correlates drift signals with audit logs, security alerts, identity protection events, cloud app activity, and email patterns.
- Use Case: Identify if a user account, over time, has started accessing new applications, originating from new locations, or using new devices, indicating potential privilege creep or a compromised account exhibiting subtle anomalous behavior.
Quick Start
Use the scope-drift-detection-user skill to analyze user account scope drift for 'user@example.com'.
Dependency Matrix
Required Modules
None required
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: scope-drift-detection-user Download link: https://github.com/msandbu/sentinelday/archive/main.zip#scope-drift-detection-user Please download this .zip file, extract it, and install it in the .claude/skills/ directory.