Adversaries may circumvent mechanisms designed to control elevated privileges in order to gain higher-level permissions. This query lists all users who performed an "action" operation related to access elevation, where one or more features of the activity deviate from the profile of the user, their peers, or the tenant.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | UEBA Essentials |
| ID | bd6fda76-c0df-41b0-b8cd-808190e1ded0 |
| Tactics | PrivilegeEscalation |
| Techniques | T1548 |
| Required Connectors | BehaviorAnalytics |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| BehaviorAnalytics | ActivityInsights has "True" | ✓ | ✗ | ? |