User Added To Admin Group Via DseditGroup (5d0fdb62-f225-42fb-8402-3dfe64da468a)

Detects attempts to create and/or add an account to the admin group, thus granting admin privileges.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	User Added To Admin Group Via DseditGroup (5d0fdb62-f225-42fb-8402-3dfe64da468a)	Sigma-Rules	1
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	2