Privilege escalations at the endpoint often go unnoticed, and are a leading cause of data breaches and insider theft. Using the ServiceNow Action Module in conjunction with StealthAUDIT privileged access scans across desktop and server infrastructure, users can automate the creation of Incidents and review each privilege escalation. By revoking rights to align with least privilege principles, organizations can effectively and proactively reduce their threat surface.
Local Admin Removal with ServiceNow action module
After scanning user desktops for excessive privileges, the ServiceNow Action Module can be configured to open a ticket to document the findings and document what further action to take.