Trellix Endpoint Security unauthorized escalation of privilege attempt was detected
Goal
Detect events where an unauthorized attempt to escalate privileges was blocked or identified by Trellix Endpoint Security.
Strategy
Monitor for unauthorized attempts to gain higher levels of access or privileges on an endpoint. These events may indicate malicious activity, such as an attacker trying to elevate privileges to gain unauthorized control over systems, which could lead to further compromise or exploitation of sensitive data.
Triage and Response
- Confirm the details of the privilege escalation attempt, including the user or process that initiated it.
- Review the event details to understand the nature of the privilege escalation attempt, such as the method used.
- Examine the impacted endpoint using its hostname - {{@attributes.analyzerhostname}} and IP address - {{@attributes.analyzeripv4}} to investigate potential vulnerabilities.
- If the escalation attempt indicates a security threat, take immediate action to isolate the endpoint and perform a thorough investigation of potential unauthorized access.
- Ensure that user privileges are correctly assigned and review existing security policies to prevent similar attempts in the future.
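The triage steps above can be worked through in code: group the Trellix events by endpoint, collect the initiating users and processes, and flag hosts that warrant isolation. The following is an added example, not part of this rule page or of Trellix's own tooling. The attribute names `@attributes.analyzerhostname` and `@attributes.analyzeripv4` are the ones the page references; `@attributes.sourceusername`, `@attributes.sourceprocessname` and `@attributes.threatactiontaken` are assumed names modelled on ePO threat-event fields and may differ in a real deployment. The sample events and the isolation policy (three or more attempts on one host, or any attempt that was detected but not blocked) are constructed for illustration.

```python
"""Triage helper for Trellix ENS privilege-escalation events (added example)."""
from typing import Any, Dict, Iterable, List, Tuple

# Constructed sample events, not real telemetry, flattened the way Datadog
# exposes Trellix ePO attributes. Only the two analyzer* fields come from the
# rule page; the other field names are assumptions.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"@attributes.analyzerhostname": "ws-01", "@attributes.analyzeripv4": "10.0.0.5",
     "@attributes.sourceusername": "CORP\\alice", "@attributes.sourceprocessname": "cmd.exe",
     "@attributes.threatactiontaken": "blocked"},
    {"@attributes.analyzerhostname": "ws-01", "@attributes.analyzeripv4": "10.0.0.5",
     "@attributes.sourceusername": "CORP\\alice", "@attributes.sourceprocessname": "powershell.exe",
     "@attributes.threatactiontaken": "blocked"},
    {"@attributes.analyzerhostname": "ws-01", "@attributes.analyzeripv4": "10.0.0.5",
     "@attributes.sourceusername": "CORP\\alice", "@attributes.sourceprocessname": "powershell.exe",
     "@attributes.threatactiontaken": "blocked"},
    {"@attributes.analyzerhostname": "ws-02", "@attributes.analyzeripv4": "10.0.0.9",
     "@attributes.sourceusername": "CORP\\svc-backup", "@attributes.sourceprocessname": "rundll32.exe",
     "@attributes.threatactiontaken": "detected"},
    {"@attributes.analyzerhostname": "ws-03", "@attributes.analyzeripv4": "10.0.0.12",
     "@attributes.sourceusername": "CORP\\bob", "@attributes.sourceprocessname": "installer.exe",
     "@attributes.threatactiontaken": "blocked"},
]

EndpointKey = Tuple[str, str]  # (hostname, ipv4)


def summarize_by_endpoint(events: Iterable[Dict[str, str]]) -> Dict[EndpointKey, Dict[str, Any]]:
    """Group events per endpoint and collect who/what initiated each attempt
    and what action Trellix reported, so an analyst sees one line per host."""
    summary: Dict[EndpointKey, Dict[str, Any]] = {}
    for ev in events:
        key = (ev.get("@attributes.analyzerhostname", "unknown"),
               ev.get("@attributes.analyzeripv4", "unknown"))
        entry = summary.setdefault(
            key, {"count": 0, "users": set(), "processes": set(), "actions": set()})
        entry["count"] += 1
        entry["users"].add(ev.get("@attributes.sourceusername", "unknown"))
        entry["processes"].add(ev.get("@attributes.sourceprocessname", "unknown"))
        entry["actions"].add(ev.get("@attributes.threatactiontaken", "unknown").lower())
    return summary


def needs_isolation(entry: Dict[str, Any], repeat_threshold: int = 3) -> bool:
    """Assumed escalation policy: repeated attempts on one host, or any attempt
    that was only detected rather than blocked, warrants isolating the endpoint."""
    repeated = entry["count"] >= repeat_threshold
    not_blocked = any(action != "blocked" for action in entry["actions"])
    return repeated or not_blocked


def hosts_to_isolate(events: Iterable[Dict[str, str]], repeat_threshold: int = 3) -> List[str]:
    """Return the sorted hostnames that meet the isolation policy."""
    summary = summarize_by_endpoint(events)
    return sorted(host for (host, _ip), entry in summary.items()
                  if needs_isolation(entry, repeat_threshold))


if __name__ == "__main__":
    for (host, ip), entry in sorted(summarize_by_endpoint(SAMPLE_EVENTS).items()):
        flag = "ISOLATE" if needs_isolation(entry) else "review"
        print(f"{host} ({ip}): {entry['count']} attempt(s), users={sorted(entry['users'])}, "
              f"processes={sorted(entry['processes'])}, actions={sorted(entry['actions'])} -> {flag}")
```

Running the script prints one line per endpoint; with the constructed sample, ws-01 is flagged for repeated attempts and ws-02 because the attempt was detected rather than blocked, while ws-03 (a single blocked attempt) is left for review. The threshold and the action strings are the parts to align with your own ePO event mapping before using this on real data.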