User Added To Highly Privileged Group (10fb649c-3600-4d37-b1e6-56ea90bb7e09)
Detects addition of users to highly privileged groups via "Net" or "Add-LocalGroupMember".
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | User Added To Highly Privileged Group (10fb649c-3600-4d37-b1e6-56ea90bb7e09) | Sigma-Rules | 1 |