Privileged certificate request via certificate template

Cortex XSIAM Analytics Alert Reference by Alert name

Product

Cortex XSIAM

Last date published

2025-06-24

Activation Period	14 Days
Training Period	30 Days
Test Period	N/A (single event)
Deduplication Period	1 Day
Required Data	Requires one of the following data sources: Windows Event Collector OR XDR Agent with eXtended Threat Hunting (XTH)
Detection Modules	Identity Analytics
Detector Tags	Active Directory Certificate Services Analytics
ATT&CK Tactic	Privilege Escalation (TA0004)
ATT&CK Technique	Valid Accounts: Domain Accounts (T1078.002)
Severity	Informational

A privileged certificate was requested via certificate template.

An attacker may attempt to exploit the Active Directory Certificate Services to escalate privileges to a domain controller or privileged account.

ATT&CK Tactic	Privilege Escalation (TA0004)
ATT&CK Technique	Valid Accounts: Domain Accounts (T1078.002)
Severity	Medium

A suspicious privileged certificate request was denied via certificate template.

An attacker may attempt to exploit the Active Directory Certificate Services to escalate privileges to a domain controller or privileged account.

ATT&CK Tactic	Privilege Escalation (TA0004)
ATT&CK Technique	Valid Accounts: Domain Accounts (T1078.002)
Severity	Low

A suspicious privileged certificate was requested via certificate template.

An attacker may attempt to exploit the Active Directory Certificate Services to escalate privileges to a domain controller or privileged account.