Hunting for data related to privilege escalation (like app installs)


Hi,

I'm navigating the Defender tables to try to understand how I can hunt for privilege escalation events, benign ones in this case. For example, when our Helpdesk team connects to a computer to install an application, it will request an elevation of privileges, as the local users do not have permissions for it.

I would like to audit this type of privilege escalation event, but I can't find the data related to it.

Does anyone know in which table I can find this kind of data?


Thanks

0 Replies