Sensitive Privilege Use

Configuration

Query

Severity:ERROR AND Channel:Security AND Category:Sensitive Privilege Use AND NOT PrivilegeList:SeProfileSingleProcessPrivilege AND NOT PrivilegeList:SeLoadDriverPrivilege AND NOT SubjectUserSid:S\-1\-5\-19 AND NOT SubjectUserSid:S\-1\-5\-18 AND NOT PrivilegeList:SeTcbPrivilege AND NOT PrivilegeList:SeCreateGlobalPrivilege

Config

| Key | Value |
| --- | --- |
| type | aggregation-v1 |
| query | Severity:ERROR AND Channel:Security AND Category:Sensitive Privilege Use AND NOT PrivilegeList:SeProfileSingleProcessPrivilege AND NOT PrivilegeList:SeLoadDriverPrivilege AND NOT SubjectUserSid:S\-1\-5\-19 AND NOT SubjectUserSid:S\-1\-5\-18 AND NOT PrivilegeList:SeTcbPrivilege AND NOT PrivilegeList:SeCreateGlobalPrivilege |
| streams | [5f74fe0891d2ba1b645adb8d] |
| conditions | {expression:null} |
| search_within_ms | 3600000 |
| execute_every_ms | 3600000 |
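To make the exclusions in the query concrete, the following added example (not part of the original alert definition or of any SIEM product) evaluates the same filter against a handful of constructed Windows Security event records. Field names follow the query (Severity, Channel, Category, PrivilegeList, SubjectUserSid); the record ids, SIDs and timestamps are made up, and the unquoted `Category:Sensitive Privilege Use` clause is treated as a whole-value match, which is an assumption about how the page intends it. It also models the `search_within_ms` window so that only events from the last hour are considered, and it shows why an event whose PrivilegeList names several privileges is dropped as soon as one of them is on the exclusion list.

```python
# Added example: re-implements the page's alert filter in Python and runs it
# over constructed Windows Security events (Sensitive Privilege Use category,
# i.e. Event IDs 4673/4674). Nothing here is the SIEM's own code.

SEARCH_WITHIN_MS = 3_600_000  # from the config: one hour lookback window

# Privileges the rule excludes because they are used constantly by normal
# processes and would otherwise drown out the interesting events.
EXCLUDED_PRIVILEGES = {
    "SeProfileSingleProcessPrivilege",
    "SeLoadDriverPrivilege",
    "SeTcbPrivilege",
    "SeCreateGlobalPrivilege",
}

# Well-known SIDs excluded by the rule: LOCAL SERVICE and SYSTEM.
EXCLUDED_SIDS = {"S-1-5-19", "S-1-5-18"}


def matches_rule(event: dict) -> bool:
    """Return True if a single event satisfies the alert query.

    PrivilegeList in 4673/4674 events may contain several privileges separated
    by whitespace. A NOT PrivilegeList:<term> clause excludes the event when
    *any* listed privilege equals the term, so the check is set intersection.
    """
    if event.get("Severity") != "ERROR":
        return False
    if event.get("Channel") != "Security":
        return False
    if event.get("Category") != "Sensitive Privilege Use":
        return False
    if event.get("SubjectUserSid") in EXCLUDED_SIDS:
        return False
    privileges = set(event.get("PrivilegeList", "").split())
    if privileges & EXCLUDED_PRIVILEGES:
        return False
    return True


def evaluate(events: list, now_ms: int, window_ms: int = SEARCH_WITHIN_MS) -> list:
    """Record ids of events inside the lookback window that match the rule."""
    oldest = now_ms - window_ms
    return [
        e["EventRecordId"]
        for e in events
        if e["timestamp_ms"] >= oldest and matches_rule(e)
    ]


# Constructed sample events (hypothetical ids, SIDs and timestamps).
NOW_MS = 10_000_000_000
USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # made-up user SID


def _ev(rid, minutes_ago, **overrides):
    base = {
        "EventRecordId": rid,
        "timestamp_ms": NOW_MS - minutes_ago * 60_000,
        "Severity": "ERROR",
        "Channel": "Security",
        "Category": "Sensitive Privilege Use",
        "SubjectUserSid": USER_SID,
        "PrivilegeList": "SeDebugPrivilege",
    }
    base.update(overrides)
    return base


SAMPLE_EVENTS = [
    _ev(4001, 5),                                              # alerts
    _ev(4002, 120),                                            # matches, but outside the 1h window
    _ev(4003, 10, SubjectUserSid="S-1-5-18"),                  # SYSTEM: excluded
    _ev(4004, 10, PrivilegeList="SeLoadDriverPrivilege"),      # excluded privilege
    _ev(4005, 10, PrivilegeList="SeDebugPrivilege SeTcbPrivilege"),  # one excluded term drops it
    _ev(4006, 10, Severity="INFO"),                            # success audit, not ERROR
    _ev(4007, 10, Category="Logon"),                           # wrong category
]

if __name__ == "__main__":
    print("alerting record ids:", evaluate(SAMPLE_EVENTS, NOW_MS))
```

Running the script lists only record 4001: record 4002 passes the filter but is older than `search_within_ms`, and record 4005 is dropped even though SeDebugPrivilege is not excluded, because the list also contains SeTcbPrivilege. That last case is worth keeping in mind when tuning the exclusion list, since adding a noisy privilege to it also hides any event in which that privilege appears alongside a more interesting one.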

SIEM Windows Event Log Alerts

Last modified December 17, 2020