Detection rules to identify:
- Alert on add changes to privileged account permissions
- Alert on bulk deletion changes to privileged account permissions
- Changes to PIM settings
- Approvals and denials of elevation
- Alert settings changed to disabled
- Audit Alert Resource Audit log for privileged account activities
- Audit Alert Resource Audit for Disable Alert