Windows Default Domain GPO Modification (e5ac86dd-2da1-454b-be74-05d26c769d7d)

Detects modifications to Default Domain or Default Domain Controllers Group Policy Objects (GPOs). Adversaries may modify these default GPOs to deploy malicious configurations across the domain.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163)	Attack Pattern	Windows Default Domain GPO Modification (e5ac86dd-2da1-454b-be74-05d26c769d7d)	Sigma-Rules	1
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d)	Attack Pattern	Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163)	Attack Pattern	2