Sensitive Privilege Use

Configuration

query

Severity:ERROR AND Channel:Security AND Category:Sensitive Privilege Use AND NOT PrivilegeList:SeProfileSingleProcessPrivilege AND NOT PrivilegeList:SeLoadDriverPrivilege AND NOT SubjectUserSid:S\-1\-5\-19 AND NOT SubjectUserSid:S\-1\-5\-18 AND NOT PrivilegeList:SeTcbPrivilege AND NOT PrivilegeList:SeCreateGlobalPrivilege

config

Key | Value
--- | ---
type | aggregation-v1
query | Severity:ERROR AND Channel:Security AND Category:Sensitive Privilege Use AND NOT PrivilegeList:SeProfileSingleProcessPrivilege AND NOT PrivilegeList:SeLoadDriverPrivilege AND NOT SubjectUserSid:S\-1\-5\-19 AND NOT SubjectUserSid:S\-1\-5\-18 AND NOT PrivilegeList:SeTcbPrivilege AND NOT PrivilegeList:SeCreateGlobalPrivilege
streams | [5f74fe0891d2ba1b645adb8d]
conditions | {expression:null}
search_within_ms | 3600000
execute_every_ms | 3600000
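The following is an added example, not part of this alert definition or of Graylog itself: a plain-Python equivalent of the query above, run over a handful of constructed Windows Security events so the exclusions can be checked offline. Field names (Severity, Channel, Category, PrivilegeList, SubjectUserSid) are taken from the query; the event values, SIDs and the EventID column are constructed sample data. The well-known SIDs S-1-5-18 (LOCAL SYSTEM) and S-1-5-19 (LOCAL SERVICE) are excluded by the query because they exercise sensitive privileges constantly and would bury the alert in noise.

```python
"""Plain-Python evaluation of the 'Sensitive Privilege Use' alert query.

Added example, not the page's own code. Implements the intent of the
Graylog query: Severity ERROR on the Security channel, category
'Sensitive Privilege Use', minus four noisy privileges and two built-in SIDs.
"""

# Privileges the query suppresses with NOT PrivilegeList:<name>.
EXCLUDED_PRIVILEGES = {
    "SeProfileSingleProcessPrivilege",
    "SeLoadDriverPrivilege",
    "SeTcbPrivilege",
    "SeCreateGlobalPrivilege",
}

# Built-in accounts the query suppresses with NOT SubjectUserSid:<sid>.
# S-1-5-18 = LOCAL SYSTEM, S-1-5-19 = LOCAL SERVICE.
EXCLUDED_SIDS = {"S-1-5-18", "S-1-5-19"}


def matches_alert(event: dict) -> bool:
    """Return True when the event satisfies the alert query."""
    if event.get("Severity") != "ERROR":
        return False
    if event.get("Channel") != "Security":
        return False
    if event.get("Category") != "Sensitive Privilege Use":
        return False
    if event.get("SubjectUserSid") in EXCLUDED_SIDS:
        return False
    # PrivilegeList may hold several space-separated privileges. A NOT clause
    # on a tokenised field drops the event if ANY token matches, so a mixed
    # list containing one excluded privilege is suppressed as a whole.
    privileges = set(str(event.get("PrivilegeList", "")).split())
    if privileges & EXCLUDED_PRIVILEGES:
        return False
    return True


def alerting_events(events):
    """Filter a batch of events down to those that would raise the alert."""
    return [e for e in events if matches_alert(e)]


# Constructed sample events (not real log data). The EventID column is only
# illustrative; the query itself does not reference it.
USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed
SAMPLE_EVENTS = [
    # 1: domain user calling a privileged service with SeDebugPrivilege -> alert
    {"EventID": 4673, "Severity": "ERROR", "Channel": "Security",
     "Category": "Sensitive Privilege Use", "SubjectUserSid": USER_SID,
     "PrivilegeList": "SeDebugPrivilege"},
    # 2: same privilege but LOCAL SYSTEM -> suppressed by SID exclusion
    {"EventID": 4673, "Severity": "ERROR", "Channel": "Security",
     "Category": "Sensitive Privilege Use", "SubjectUserSid": "S-1-5-18",
     "PrivilegeList": "SeDebugPrivilege"},
    # 3: excluded privilege on its own -> suppressed
    {"EventID": 4673, "Severity": "ERROR", "Channel": "Security",
     "Category": "Sensitive Privilege Use", "SubjectUserSid": USER_SID,
     "PrivilegeList": "SeTcbPrivilege"},
    # 4: mixed list containing an excluded privilege -> suppressed as a whole
    {"EventID": 4674, "Severity": "ERROR", "Channel": "Security",
     "Category": "Sensitive Privilege Use", "SubjectUserSid": USER_SID,
     "PrivilegeList": "SeDebugPrivilege SeCreateGlobalPrivilege"},
    # 5: right category and privilege but wrong channel -> not matched
    {"EventID": 4673, "Severity": "ERROR", "Channel": "System",
     "Category": "Sensitive Privilege Use", "SubjectUserSid": USER_SID,
     "PrivilegeList": "SeDebugPrivilege"},
    # 6: success audit (Severity INFO) -> not matched
    {"EventID": 4673, "Severity": "INFO", "Channel": "Security",
     "Category": "Sensitive Privilege Use", "SubjectUserSid": USER_SID,
     "PrivilegeList": "SeDebugPrivilege"},
]


if __name__ == "__main__":
    for e in alerting_events(SAMPLE_EVENTS):
        print(f"ALERT event {e['EventID']} sid={e['SubjectUserSid']} "
              f"priv={e['PrivilegeList']}")
```

Only the first sample event survives the filter. One caveat when deploying the query itself: in Lucene-style syntax an unquoted multi-word value binds only the first word to the field, so the category value should be written as `Category:"Sensitive Privilege Use"` to get the exact-phrase match the Python above implements. Note also that the mixed-privilege event (sample 4) is suppressed entirely because the NOT clauses match any token in PrivilegeList, which is a trade-off between noise and coverage worth checking against your own event volume.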

SIEM Windows Event Log Alerts

Last modified December 17, 2020