Hi,
I'm navigating the Defender tables to try to understand how I can hunt for privilege escalation events, benign ones in this case. For example, when our Helpdesk team connects to a computer to install an application, it will request an elevation of privileges, as the local users do not have permissions for it.
I would like to audit this type of privilege escalation event, but I can't find the data related to it.
Does anyone know in which table I can find this kind of data?
Thanks