
Summary
This detection rule targets privilege escalation within Azure, specifically an attacker attempting to upgrade their permissions to those of a User Access Administrator. This escalation is critical because it lets the attacker manage user access rights, potentially compromising sensitive data and configurations within Azure. The rule uses Azure activity log data and is written as a Splunk search for effective querying of cloud data. By searching for events labeled 'elevateAccess' or 'User Access Administrator', it captures activities that can indicate malicious intent. The results are organized as a table of significant fields such as user identity, timestamp, and action performed, which aids in analyzing behavior patterns indicative of privilege escalation attempts.
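The detection logic described above, as an added example that is not part of the rule or its Splunk search: it runs the same keyword match over a few constructed Azure activity log records and tabulates the hits. The record field names follow the Azure activity log schema, and the `roleDefinitionName` property and the sample values are assumptions for illustration.

```python
import json
from datetime import datetime

# Constructed sample Azure activity log records (not real telemetry).
# Top-level fields follow the Azure activity log schema; the
# properties.roleDefinitionName field is an assumption for illustration.
SAMPLE_LOG = r'''
{"time":"2024-02-09T10:15:02Z","caller":"alice@contoso.example","operationName":"Microsoft.Authorization/elevateAccess/action","resultType":"Success"}
{"time":"2024-02-09T10:15:40Z","caller":"alice@contoso.example","operationName":"Microsoft.Authorization/roleAssignments/write","resultType":"Success","properties":{"roleDefinitionName":"User Access Administrator","principalId":"abc-123"}}
{"time":"2024-02-09T11:02:11Z","caller":"bob@contoso.example","operationName":"Microsoft.Compute/virtualMachines/start/action","resultType":"Success"}
{"time":"2024-02-09T11:30:00Z","caller":"svc-backup@contoso.example","operationName":"Microsoft.Authorization/roleAssignments/write","resultType":"Success","properties":{"roleDefinitionName":"Reader"}}
'''

# The rule's two search terms, compared case-insensitively.
KEYWORDS = ("elevateaccess", "user access administrator")

def record_matches(rec):
    """True if the operation name or the assigned role name contains one
    of the watched keywords (case-insensitive substring match)."""
    props = rec.get("properties") or {}
    haystack = " ".join([rec.get("operationName", ""),
                         props.get("roleDefinitionName", "")]).lower()
    return any(k in haystack for k in KEYWORDS)

def detect_elevate_access(log_text):
    """Parse newline-delimited JSON records and tabulate the matching ones
    with user identity, timestamp, action, role and outcome, oldest first."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if record_matches(rec):
            props = rec.get("properties") or {}
            hits.append({
                "time": rec.get("time"),
                "user": rec.get("caller"),
                "action": rec.get("operationName"),
                "role": props.get("roleDefinitionName"),
                "result": rec.get("resultType"),
            })
    # Sort by timestamp so a single caller's sequence of actions reads in order.
    hits.sort(key=lambda h: datetime.fromisoformat(h["time"].replace("Z", "+00:00")))
    return hits

if __name__ == "__main__":
    for hit in detect_elevate_access(SAMPLE_LOG):
        print(hit)
```

On the sample input the two records from the same caller, the elevateAccess call followed by a User Access Administrator role assignment, are the ones flagged; the VM start and the Reader assignment are not.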
Categories
- Cloud
- Azure
Data Sources
- Cloud Service
- User Account
- Application Log
ATT&CK Techniques
- T1098
- T1078
Created: 2024-02-09