GroupMembers
Tony Phipps edited this page Mar 22, 2018 · 4 revisions
Tactic: Defense Evasion, Privilege Escalation
- Select UserDomain, UserName, GroupName
Monitor users in the local administrator group on the system.
Tactic: Defense Evasion, Persistence, Privilege Escalation
- Select UserDomain, UserName, GroupName
Monitor for accounts that may have been created by an adversary for persistence.
Tactic: Credential Access
- Select UserDomain, UserName, GroupName
Monitor for modification of accounts in correlation with other suspicious activity.
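
One way to act on the monitoring guidance above is to diff a known-good baseline of group membership against a later collection, keyed on the three fields this page selects. This is an added example, not code from this project: the sample rows are constructed, and the function name `Get-GroupMemberDrift` and the list of privileged groups are assumptions made for illustration.

```powershell
# Constructed sample data: a known-good baseline and a later collection,
# using the three fields this page selects (UserDomain, UserName, GroupName).
$baseline = @'
UserDomain,UserName,GroupName
WKSTN01,Administrator,Administrators
CORP,Domain Admins,Administrators
CORP,helpdesk,Remote Desktop Users
'@ | ConvertFrom-Csv

$current = @'
UserDomain,UserName,GroupName
WKSTN01,Administrator,Administrators
CORP,Domain Admins,Administrators
CORP,helpdesk,Remote Desktop Users
WKSTN01,svc_backup,Administrators
CORP,jdoe,Remote Desktop Users
'@ | ConvertFrom-Csv

# Groups whose membership changes get reviewed first (assumed list; adjust locally).
$privilegedGroups = 'Administrators', 'Remote Desktop Users', 'Backup Operators'

# Hypothetical helper: reports members added to or removed from any group.
function Get-GroupMemberDrift {
    param(
        [Parameter(Mandatory)] [object[]] $Baseline,
        [Parameter(Mandatory)] [object[]] $Current,
        [string[]] $PrivilegedGroups = @()
    )
    $fields = 'UserDomain', 'UserName', 'GroupName'
    # '=>' means the row exists only in $Current (added); '<=' only in $Baseline (removed).
    Compare-Object -ReferenceObject $Baseline -DifferenceObject $Current -Property $fields |
        ForEach-Object {
            [pscustomobject]@{
                Change     = if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' }
                UserDomain = $_.UserDomain
                UserName   = $_.UserName
                GroupName  = $_.GroupName
                Privileged = $PrivilegedGroups -contains $_.GroupName
            }
        } |
        Sort-Object -Property @{ Expression = 'Privileged'; Descending = $true }, GroupName, UserName
}

Get-GroupMemberDrift -Baseline $baseline -Current $current -PrivilegedGroups $privilegedGroups |
    Format-Table -AutoSize
```

With the constructed data, the report lists `WKSTN01\svc_backup` as added to Administrators and `CORP\jdoe` as added to Remote Desktop Users, both flagged as privileged.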