Tag
Unusual Group Name Accessed by User via Privileged Access Detection
2 rules, 5 TTPs
A machine learning job detected a user accessing an uncommon group name for privileged operations, potentially indicating privilege escalation or unauthorized account manipulation on a Windows system.
High Command Line Entropy Detected for Privileged Commands on Linux
2 rules, 2 TTPs
A machine learning job identified an unusually high median command line entropy for privileged commands executed by a user on Linux systems, which may indicate obfuscated commands or unauthorized use of privileged access.
Spike in Special Privilege Use Events
2 rules, 4 TTPs
A machine learning job detected an unusual increase in special privilege usage events on Windows, such as privileged operations and service calls, potentially indicating unauthorized privileged access and privilege escalation attempts.
Unusual Source IP for Windows Privileged Operations Detected via ML
2 rules, 2 TTPs
A machine learning job detected a user performing privileged operations in Windows from an uncommon source IP, potentially indicating account compromise or privilege escalation.
Unusual Host Name for Windows Privileged Operations Detected via ML
2 rules, 2 TTPs
A machine learning job has identified a user performing privileged operations in Windows from an uncommon device, indicating potential privileged access activity associated with compromised accounts or insider threats.
Okta Privileged Operations from Unusual Host Name Detected
2 rules, 2 TTPs
A machine learning job detected a user performing privileged operations in Okta from an uncommon device, potentially indicating a compromised account or insider threat attempting privilege escalation.