Group Policy Abuse for Privilege Addition (1c480e10-7ee1-46d4-8ed2-85f9789e3ce4)

Detects the first occurrence of a modification to Group Policy Object Attributes to add privileges to user accounts or use them to add users as local admins.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163)	Attack Pattern	Group Policy Abuse for Privilege Addition (1c480e10-7ee1-46d4-8ed2-85f9789e3ce4)	Sigma-Rules	1
Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163)	Attack Pattern	Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d)	Attack Pattern	2