Good afternoon all. After an attacker gathers the login credentials for a standard user account, they will want to elevate those same credentials to become an administrator. I'm looking to see if there's a search that I can run which will look for something like that. I'd like to generate an e-mail alert.
I have the following set-up below...
Cisco Security Suite, IIS Logging, Splunk App for Web Analytics, MS Windows AD Objects, Splunk App for Windows Infrastructure, Splunk Support for Active Directory.
Thanks folks.