In some examples, closed loop monitoring based privileged access control may include identifying a ticket that includes a specification of an incident that is to be remedied and determining an intent of the ticket. A privileged access command library may be analyzed to determine a plurality of privileged access steps that can be performed to remedy the incident. A source file associated with procedures that were performed to remedy the incident may be analyzed. A plurality of events may be identified using the source file and filtered based on the plurality of privileged access steps that can be performed to remedy the incident. At least one event that includes at least one other privileged access step that is not one of the plurality of privileged access steps that can be performed to remedy the incident may be identified, and instructions may be generated to remedy the identified event.