User Added To Admin Group Via Sysadminctl (652c098d-dc11-4ba6-8566-c20e89042f2b)

Detects attempts to create and add an account to the admin group via "sysadminctl"

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
User Added To Admin Group Via Sysadminctl (652c098d-dc11-4ba6-8566-c20e89042f2b)	Sigma-Rules	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	1
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	2