Sensitive Privilege Use
Configuration

query

`Severity:ERROR AND Channel:Security AND Category:Sensitive Privilege Use AND NOT PrivilegeList:SeProfileSingleProcessPrivilege AND NOT PrivilegeList:SeLoadDriverPrivilege AND NOT SubjectUserSid:S\-1\-5\-19 AND NOT SubjectUserSid:S\-1\-5\-18 AND NOT PrivilegeList:SeTcbPrivilege AND NOT PrivilegeList:SeCreateGlobalPrivilege`

config

| Key | Value |
| --- | --- |
| type | `aggregation-v1` |
| query | `Severity:ERROR AND Channel:Security AND Category:Sensitive Privilege Use AND NOT PrivilegeList:SeProfileSingleProcessPrivilege AND NOT PrivilegeList:SeLoadDriverPrivilege AND NOT SubjectUserSid:S\-1\-5\-19 AND NOT SubjectUserSid:S\-1\-5\-18 AND NOT PrivilegeList:SeTcbPrivilege AND NOT PrivilegeList:SeCreateGlobalPrivilege` |
| streams | `[5f74fe0891d2ba1b645adb8d]` |
| conditions | `{expression:null}` |
| search_within_ms | `3600000` (1 hour) |
| execute_every_ms | `3600000` (1 hour) |
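The query above filters Windows "Sensitive Privilege Use" audit events (the Security channel category that covers privileged service calls) and drops the noisiest sources: four privileges that legitimate software exercises constantly, plus the LOCAL SERVICE (S-1-5-19) and SYSTEM (S-1-5-18) accounts. The Python below is an added example, not part of the SIEM configuration, that re-implements the same predicate over constructed events so the exclusions can be checked offline; the event dictionaries, their keys (named after the query's fields), the `timestamp` and `id` keys, and the sample SIDs are all assumptions. One caveat worth knowing when reading the rule itself: in Lucene-style query syntax an unquoted multi-word value such as `Category:Sensitive Privilege Use` binds only the first word to the field, so quoting the phrase (`Category:"Sensitive Privilege Use"`) expresses the intended whole-string comparison that this example performs.

```python
"""Offline re-implementation of the "Sensitive Privilege Use" alert predicate.

Added example, not part of the SIEM configuration. Event shape, sample
values and the treatment of PrivilegeList as a token list are assumptions.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

# Exclusions copied from the rule's query.
EXCLUDED_PRIVILEGES = {
    "SeProfileSingleProcessPrivilege",
    "SeLoadDriverPrivilege",
    "SeTcbPrivilege",
    "SeCreateGlobalPrivilege",
}
EXCLUDED_SIDS = {"S-1-5-19", "S-1-5-18"}  # LOCAL SERVICE, SYSTEM
SEARCH_WITHIN = timedelta(milliseconds=3600000)  # search_within_ms from the rule


def _privileges(value: str) -> set[str]:
    """Split a PrivilegeList value into individual privilege names.

    Assumption: the field may list several privileges separated by
    whitespace or commas, which is how a tokenising index would see it, so
    `NOT PrivilegeList:X` removes the event if X appears anywhere in the list.
    """
    return set(re.split(r"[\s,]+", value.strip())) - {""}


def matches_rule(event: dict) -> bool:
    """True when an event satisfies the rule's query (all ANDed conditions)."""
    if event.get("Severity") != "ERROR":
        return False
    if event.get("Channel") != "Security":
        return False
    if event.get("Category") != "Sensitive Privilege Use":
        return False
    if event.get("SubjectUserSid") in EXCLUDED_SIDS:
        return False
    if _privileges(event.get("PrivilegeList", "")) & EXCLUDED_PRIVILEGES:
        return False
    return True


def matching_event_ids(events: list[dict], now: datetime) -> list[str]:
    """Ids of events that match the query and lie inside the one-hour search
    window ending at `now`, i.e. what one execution of the rule would see."""
    start = now - SEARCH_WITHIN
    return [e["id"] for e in events
            if matches_rule(e) and start <= e["timestamp"] <= now]


# Constructed sample events (not real log data). The user SID is made up.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"


def _evt(eid: str, sid: str, privs: str, age: timedelta, channel: str = "Security") -> dict:
    return {
        "id": eid,
        "Severity": "ERROR",
        "Channel": channel,
        "Category": "Sensitive Privilege Use",
        "SubjectUserSid": sid,
        "PrivilegeList": privs,
        "timestamp": NOW - age,
    }


SAMPLE_EVENTS = [
    _evt("evt-1", USER_SID, "SeDebugPrivilege", timedelta(minutes=10)),            # alerts
    _evt("evt-2", "S-1-5-18", "SeDebugPrivilege", timedelta(minutes=10)),          # SYSTEM excluded
    _evt("evt-3", USER_SID, "SeLoadDriverPrivilege", timedelta(minutes=5)),        # privilege excluded
    _evt("evt-4", USER_SID, "SeSecurityPrivilege SeBackupPrivilege", timedelta(hours=2)),  # matches, outside window
    _evt("evt-5", USER_SID, "SeDebugPrivilege", timedelta(minutes=1), channel="Application"),  # wrong channel
    _evt("evt-6", USER_SID, "SeTcbPrivilege SeDebugPrivilege", timedelta(minutes=3)),  # Tcb in list excludes
]

if __name__ == "__main__":
    print(matching_event_ids(SAMPLE_EVENTS, NOW))
```

`evt-4` shows the difference between the query and the schedule: it satisfies every clause but is two hours old, so a run with `search_within_ms` of one hour never sees it, and `evt-6` shows why treating PrivilegeList as a token list matters, since a call that bundles an excluded privilege with an interesting one is dropped by the rule as written.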
SIEM Windows Event Log Alerts