It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Domain Fraud Protection

Network Security

Support Services

Barracuda XDR

Overview Documentation Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Domain Fraud Protection

Network Security

Support Services

Login Sign Up Contact & Support

United States – English (GMT-5)

Simulating Log Monitoring Threats

Last updated on 2023-11-21 13:20:57

The use case for this test is Privilege Escalation—Add a user to the Domain Admins Group.

Privilege Escalation is a common way for an attacker to gain unauthorized asses to a system/account. In many cases that first point of attack will not grant attackers with the level of access they need. They will then attempt privilege escalation to gain more permissions or obtain access to additional, more sensitive systems.

Log Monitoring 1.png

How to Test

Testing is only for clients which WMI logs are being monitored. This activity can only be done by a Local Admin or a Domain Admin. There are usually very few admin users chosen within an organization, so these actions should be closely monitored for any unauthorized activity.

Open Start > Computer Management > Local Users and Groups.
Click on Users, right-click on the user and click Properties.
On the Member Of tab, click Add.
Click Advanced, then Find Now.
Look for Domain Admins in the search results. Click OK.
This adds the user to the Domain Admins group. Click OK.
Click Advanced, then Find Now.
Look for Domain Admins in the search results. Click OK.

Simulating Other Threats

You can simulate the following threats:

You can also view Threat Simulation videos. See Threat Simulation Videos.

Previous Article Next Article