Reconnaissance Activity (968eef52-9cff-4454-8992-1e74b9cbad6c)

Detects activity as "net user administrator /domain" and "net group domain admins /domain"

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Reconnaissance Activity (968eef52-9cff-4454-8992-1e74b9cbad6c)	Sigma-Rules	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	1
Reconnaissance Activity (968eef52-9cff-4454-8992-1e74b9cbad6c)	Sigma-Rules	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	1
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2