User Added to Local Administrator Group (c265cf08-3f99-46c1-8d59-328247057d57)

Detects the addition of a new member to the local administrator group, which could be legitimate activity or a sign of privilege escalation.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | User Added to Local Administrator Group (c265cf08-3f99-46c1-8d59-328247057d57) | Sigma-Rules | 1 |
| User Added to Local Administrator Group (c265cf08-3f99-46c1-8d59-328247057d57) | Sigma-Rules | Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | 1 |