Privilege Escalation after Powershell Activity


This threat is a simple rule that looks for privilege escalation occurring after a suspicious PowerShell command. UBA can create simple correlation threat rules based on anomalies, and this threat is one such rule.

Content Mapping

This content is not mapped to any local saved search.

Use Case

Advanced Threat Detection, Security Monitoring


Adversary Tactics, Endpoint Compromise, Malware

Alert Volume

Low

SPL Difficulty



Stage 4

Data Sources

Windows Security