Managed Sentinel – Alert 232

Alert IDMS-A232
Alert NameUsers created by unauthorized administrators
DescriptionThis alert identifies users created by Windows AD administrators that are not on the approved list.
Severity LevelLow
Threat Indicator
MITRE ATT&CK TacticsPrivilegeEscalation
DefenseEvasion
Persistence
InitialAccess
Log sourcesSecurity Event
False Positives
Recommendations