Block Computer Object / Azure Sentinel Playbook "Named Pipes Privilege escalation"


Hello MS Community,


I have a question about the following Use Case.

If some hosts (servers / clients) use the "Named Pipes privilege escalation", I would like to respond automatically via Sentinel. I think isolating / locking the computer object would be a good idea.
Maybe someone has had the same use case and has a solution for that topic.


Thanks a lot & best regards
