AD Privileged Users or Groups Reconnaissance (35ba1d85-724d-42a3-889f-2e2362bcaf23)

Detects reconnaissance of privileged users or groups, based on event ID 4661 and the SIDs of known privileged users or groups.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | AD Privileged Users or Groups Reconnaissance (35ba1d85-724d-42a3-889f-2e2362bcaf23) | Sigma-Rules | 1 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | 2 |