Tag
This rule identifies the creation of a process impersonating the token of another user logon session on Windows, potentially indicating privilege escalation.