Forum Discussion

dmarquesgn's avatar
dmarquesgn
Iron Contributor
Aug 28, 2024

Hunting for data related to priviledge escalation (like app installs)

Hi,

I'm navigating the Defender tables to try to understand how can I hunt for priviledge escalation events, benign ones in this case, for example, when our Helpdesk team connects to a computer to install an application, it will request an elevation of priviledges, as the local users do not have permissions for it.

I would like to audit this type of priviledge escalation events, but I can't find the data related to it.

 

Anyone knows in which table can I find this kind of data?


Thanks

No RepliesBe the first to reply

Resources