Managed Sentinel – Alert 015

Alert ID: MS-A015

Alert Name: Creation and modification of privileged account attributes

Description: This alert is triggered on the creation and modification of privileged account attributes in a Windows domain.

Severity Level: Low

Threat Indicator: Root Access

MITRE ATT&CK Tactics: Privilege Escalation, Credential Access

Log Sources: Windows Security Event Logs

False Positive: Migration of an account into a new domain

Recommendations: If the change is not correlated with an approved internal event, subject to your organization's standard change management process, reverse the change in Active Directory. Use Azure Sentinel to query and report all access from the affected user account to other internal resources (lateral movement).
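The following KQL query is an added example for the lateral-movement review described in the recommendations; it is not part of the Managed Sentinel alert definition. It assumes the Azure Sentinel SecurityEvent table with its standard columns (EventID, TimeGenerated, TargetSid, TargetUserName, MemberSid, MemberName, SubjectUserName, TargetUserSid, LogonType, IpAddress, Computer, Activity); the 7-day lookback and the 1-day follow-up window are assumptions to adjust to your environment. The Windows Security event IDs used (4720, 4738, 4728, 4732, 4756, 4624) are the documented Microsoft IDs for those operations.

```kql
// Added example (not part of the Managed Sentinel alert definition).
// Correlates privileged-account attribute changes with the changed account's
// subsequent network and remote logons, to support the lateral-movement review.
let lookback = 7d;          // assumed review window
let followWindow = 1d;      // assumed window after the change in which to inspect logons
// Windows Security events that create or modify privileged account attributes:
//   4720 user account created, 4738 user account changed,
//   4728 / 4732 / 4756 member added to a security-enabled global / local / universal group
let PrivChanges = SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID in (4720, 4738, 4728, 4732, 4756)
    // group-membership events carry the added member in MemberSid/MemberName;
    // account create/change events carry it in TargetSid/TargetUserName
    | extend ChangedSid  = iff(EventID in (4728, 4732, 4756), MemberSid, TargetSid),
             ChangedName = iff(EventID in (4728, 4732, 4756), MemberName, TargetUserName)
    | project ChangeTime = TimeGenerated, EventID, Activity, ChangedSid, ChangedName,
              ChangedBy = SubjectUserName, DomainController = Computer;
// Network (3) and RemoteInteractive (10) logons, i.e. access to other internal resources
let RemoteLogons = SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4624 and toint(LogonType) in (3, 10)
    | project LogonTime = TimeGenerated, TargetUserSid, TargetUserName,
              SourceIp = IpAddress, TargetHost = Computer;
PrivChanges
| join kind=inner RemoteLogons on $left.ChangedSid == $right.TargetUserSid
| where LogonTime between (ChangeTime .. (ChangeTime + followWindow))
| summarize LogonCount  = count(),
            TargetHosts = make_set(TargetHost),
            SourceIps   = make_set(SourceIp),
            FirstLogon  = min(LogonTime),
            LastLogon   = max(LogonTime)
          by ChangeTime, EventID, Activity, ChangedName, ChangedBy, DomainController
| order by ChangeTime desc
```

Each result row is one flagged change, who made it, and the hosts and source addresses the changed account reached within the follow-up window; a change with no rows had no remote logons in that window. The join is on the account SID rather than the name because MemberName in the group-membership events is a distinguished name while TargetUserName in logon events is a sAMAccountName, so a name-based join would silently miss the group-add cases.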