Hunting for data related to privilege escalation (like app installs)
Hi,
I’m navigating the Defender tables to try to understand how I can hunt for privilege escalation events, benign ones in this case. For example, when our Helpdesk team connects to a computer to install an application, it will request an elevation of privileges, as the local users do not have permissions for it.
I would like to audit this type of privilege escalation event, but I can’t find the data related to it.
Does anyone know in which table I can find this kind of data?
Thanks