Forum Discussion
dmarquesgn
Aug 28, 2024
Iron Contributor
Hunting for data related to privilege escalation (like app installs)
Hi,
I'm navigating the Defender tables to try to understand how I can hunt for privilege escalation events, benign ones in this case. For example, when our Helpdesk team connects to a computer to install an application, it will request an elevation of privileges, as the local users do not have permissions for it.
I would like to audit this type of privilege escalation event, but I can't find the data related to it.
Does anyone know in which table I can find this kind of data?
Thanks