diff --git a/unified_log_filters/jamf_connect/jc_priviledge_escalation_events.yaml b/unified_log_filters/jamf_connect/jc_priviledge_escalation_events.yaml
new file mode 100644
index 0000000..c5937d9
--- /dev/null
+++ b/unified_log_filters/jamf_connect/jc_priviledge_escalation_events.yaml
@@ -0,0 +1,8 @@
+name: "Jamf Connect Privilege Elevation Events"
+description: "This Unified Log filter may be used to audit macOS account elevation requests, time frames, and reasoning. This filter functions by monitoring logging from the Jamf Connect daemon where the event message contains a known string indicating the behaviour."
+predicate: "subsystem == BEGINSWITH[c] "com.jamf.connect.daemon" AND category == "PrivilegeElevation""
+tags:
+ - visibility
+ - connect
+ - privileges
+enabled: true
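Review bot: The `predicate:` value is a double-quoted YAML scalar that itself contains unescaped double quotes around `com.jamf.connect.daemon` and `PrivilegeElevation`, so a YAML loader will close the string at the second `"` and fail on (or silently mis-parse) the rest, meaning this filter never loads as written. The predicate text is also malformed for the unified log's NSPredicate syntax: `subsystem == BEGINSWITH[c]` chains two operators, and `log show --predicate` will reject it. A single-quoted scalar with the comparison fixed resolves both: `predicate: 'subsystem BEGINSWITH[c] "com.jamf.connect.daemon" AND category == "PrivilegeElevation"'`. The description says the filter matches "where the event message contains a known string", but the predicate keys only on `category`, not `eventMessage`; either add the message match the description promises or reword the description to say it filters on the daemon subsystem and the `PrivilegeElevation` category so reviewers of the audit output know what is and is not being captured.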