Suspicious Reconnaissance Activity Using Get-LocalGroupMember Cmdlet (c8a180d6-47a3-4345-a609-53f9c3d834fc)

Detects suspicious reconnaissance command-line activity on Windows systems using the PowerShell Get-LocalGroupMember cmdlet.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Suspicious Reconnaissance Activity Using Get-LocalGroupMember Cmdlet (c8a180d6-47a3-4345-a609-53f9c3d834fc) | Sigma-Rules | Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | 1 |
| Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | 2 |