---
title: JumpCloud admin granted system privileges
description: Datadog, the leading service for cloud-scale monitoring.
---

# JumpCloud admin granted system privileges
Classification: attack

Tactic: [TA0003-persistence](https://attack.mitre.org/tactics/TA0003)

Technique: [T1098-account-manipulation](https://attack.mitre.org/techniques/T1098)

## Goal{% #goal %}

Detect when a JumpCloud user grants administrative privileges on a user endpoint. This is not indicative of malicious activity, but detecting this event is valuable for auditing.

## Strategy{% #strategy %}

This rule monitors JumpCloud audit logs for events where `@evt.name` is `system_admin_grant`.

## Triage and response{% #triage-and-response %}

1. Reach out to the admin making the change (`{{@usr.email}}`) to confirm that the user (`@usr.name`) should have administrative privileges on the specified resource (`@resource.name`).
1. If the change was not authorized, verify that there are no other signals from the JumpCloud admin (`{{@usr.email}}`) and the system (`@resource.name`).
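
The match condition and the second triage step above, as an added example that is not Datadog's rule definition or code: it runs over constructed log records that use the attribute names shown on this page (`evt.name`, `usr.email`, `usr.name`, `resource.name`). The record layout, the function names, and every event name other than `system_admin_grant` are assumptions.

```python
GRANT_EVENT = "system_admin_grant"  # value of @evt.name the rule matches on

def attr(log, path):
    """Resolve a dotted attribute path such as 'usr.email'; None if absent."""
    node = log
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def find_grants(logs):
    """Strategy: keep only events whose evt.name is system_admin_grant."""
    return [log for log in logs if attr(log, "evt.name") == GRANT_EVENT]

def related_activity(logs, grant):
    """Triage step 2: other events from the same admin or on the same system."""
    admin, system = attr(grant, "usr.email"), attr(grant, "resource.name")
    return [
        log for log in logs
        if log is not grant
        # A missing attribute on the grant must not match other incomplete events.
        and ((admin and attr(log, "usr.email") == admin)
             or (system and attr(log, "resource.name") == system))
    ]

def triage_queue(logs):
    """One entry per grant: who to contact, what to confirm, what else to review."""
    return [{
        "admin": attr(g, "usr.email"),
        "granted_user": attr(g, "usr.name"),
        "system": attr(g, "resource.name"),
        "related": [attr(e, "evt.name") for e in related_activity(logs, g)],
    } for g in find_grants(logs)]

# Constructed sample records, not real JumpCloud output. Event names other than
# system_admin_grant are hypothetical placeholders.
SAMPLE_LOGS = [
    {"evt": {"name": "placeholder_login"}, "usr": {"email": "it-admin@example.com"}},
    {"evt": {"name": "system_admin_grant"},
     "usr": {"email": "it-admin@example.com", "name": "jdoe"},
     "resource": {"name": "laptop-042"}},
    {"evt": {"name": "placeholder_command_run"},
     "usr": {"email": "other@example.com"}, "resource": {"name": "laptop-042"}},
    {"evt": {"name": "placeholder_login"}, "usr": {"email": "other@example.com"}},
    {"evt": {"name": "system_admin_grant"}, "usr": {"name": "asmith"}},  # incomplete
]

if __name__ == "__main__":
    for item in triage_queue(SAMPLE_LOGS):
        print(item)
```

A grant record that lacks the admin or resource attribute still enters the queue with `None` in those fields, so incomplete audit events surface for review instead of being dropped.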
