Unsuccessful User Privilege Gain
The Unsuccessful User Privilege Gain rules detect privilege escalation attempts that have failed. Such an alert can mean that an attacker is deliberately trying to elevate privileges and is not succeeding, or that unsuspecting users are unknowingly aiding a system compromise.
Failed logon attempts make up the majority of Unsuccessful User Privilege Gain alerts. Determining whether an alert is a false positive requires investigating the source of the attempts and the situation in which the alert was raised. A single failure is usually a mistyped password; a large number of unsuccessful authentication attempts is a good sign that something malicious is occurring, because an unusual volume of failures from one source is what a brute force attack looks like. An example ...
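The triage rule above (one failure is probably a typo, a burst of failures from one source is probably a brute force attempt) can be turned into a small detector. The following is an added example, not code from the book or from the Snort rule set: it parses constructed OpenSSH auth-log lines (the sample lines, hostnames and addresses are made up for illustration), counts failed logons per source address in a sliding time window, and flags any source that crosses a threshold. The threshold and window values are assumptions to be tuned for your own environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log lines (syslog format) for illustration only; not from the page.
# 10.0.0.5: one typo followed by success. 203.0.113.9: six failures across several
# usernames in a few seconds. 10.0.0.7: two failures fifteen minutes apart.
SAMPLE_LOG = """\
Mar  3 10:00:01 bastion sshd[1201]: Failed password for alice from 10.0.0.5 port 50122 ssh2
Mar  3 10:00:03 bastion sshd[1203]: Accepted password for alice from 10.0.0.5 port 50123 ssh2
Mar  3 10:01:10 bastion sshd[1210]: Failed password for root from 203.0.113.9 port 41000 ssh2
Mar  3 10:01:11 bastion sshd[1211]: Failed password for invalid user admin from 203.0.113.9 port 41001 ssh2
Mar  3 10:01:12 bastion sshd[1212]: Failed password for invalid user oracle from 203.0.113.9 port 41002 ssh2
Mar  3 10:01:13 bastion sshd[1213]: Failed password for root from 203.0.113.9 port 41003 ssh2
Mar  3 10:01:14 bastion sshd[1214]: Failed password for invalid user test from 203.0.113.9 port 41004 ssh2
Mar  3 10:01:15 bastion sshd[1215]: Failed password for root from 203.0.113.9 port 41005 ssh2
Mar  3 10:30:00 bastion sshd[1300]: Failed password for bob from 10.0.0.7 port 52000 ssh2
Mar  3 10:45:00 bastion sshd[1301]: Failed password for bob from 10.0.0.7 port 52001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_events(text):
    """Yield (timestamp, result, user, ip) for every line in the sshd password format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log lines are ignored rather than counted as failures
        # syslog timestamps carry no year; strptime fills in 1900, which is fine for
        # computing relative windows within one file
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        yield ts, m.group("result"), m.group("user"), m.group("ip")


def failures_per_source(text):
    """Total failed logons per source IP, the raw number an analyst looks at first."""
    totals = defaultdict(int)
    for _, result, _, ip in parse_events(text):
        if result == "Failed":
            totals[ip] += 1
    return dict(totals)


def find_bruteforce(text, threshold=5, window_seconds=300):
    """Return {ip: (peak_failures_in_window, distinct_usernames)} for each source IP
    that produced at least `threshold` failed logons inside any `window_seconds` span.
    The distinct-username count helps tell a password spray from a single-account guess."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    peak = defaultdict(int)       # ip -> largest burst observed
    users = defaultdict(set)      # ip -> usernames tried
    for ts, result, user, ip in parse_events(text):
        if result != "Failed":
            continue
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop failures older than the window
        peak[ip] = max(peak[ip], len(q))
    return {ip: (n, len(users[ip])) for ip, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    print("failures per source:", failures_per_source(SAMPLE_LOG))
    for ip, (n, nusers) in find_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT possible brute force from {ip}: {n} failures, {nusers} usernames tried")
```

With the defaults, only 203.0.113.9 is reported: six failures in five seconds against four different usernames. The two failures from 10.0.0.7 are fifteen minutes apart, so they never share a five-minute window and stay below the threshold, which is the behaviour you want if the goal is to separate a forgetful user from an automated attack.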