Managed Sentinel – Alert 122

Alert IDMS-A122
Alert NameWindows Admin group modification
DescriptionThis alerts is triggered for change in Admin group.
Severity LevelLow
Threat IndicatorRoot Access
MITRE ATT&CK TacticsPrivilege Escalation
Credential Access
Log sourcesWindows Security Event Log
False PositiveMigration of an account into a new domain
RecommendationsReview the user accounts which have been modified and identify the account owners. Confirm if the request is valid.
If not, disable the accounts immediately and start an investigation for discovery of account use into your organization.