Privilege Escalation after Powershell Activity

Description

This threat is a simple rule that looks for privilege escalation occurring after a suspicious PowerShell command. UBA can create simple correlation threat rules based on anomalies, and this threat is one such rule.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring

Category

Adversary Tactics, Endpoint Compromise, Malware

Alert Volume

Low

Journey

Stage 4

Data Sources

Windows Security