Adversaries may circumvent mechanisms designed to control elevated privileges to gain higher-level permissions. The query below returns all users performing an "action" operation related to an access elevation, where one or more features of the activity deviate from the profile of the user, their peers or the tenant.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | UEBA Essentials |
| ID | bd6fda76-c0df-41b0-b8cd-808190e1ded0 |
| Tactics | PrivilegeEscalation |
| Techniques | T1548 |
| Required Connectors | BehaviorAnalytics |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| BehaviorAnalytics | ✓ | ✗ | ? |