Standard User In High Privileged Group

Rule Info

Name
Standard User In High Privileged Group
Description
Detect standard users login that are part of high privileged groups such as the Administrator group
Modified
None
Date
2023-01-13 00:00:00
Author
frack113
Tags
attack.credential_access DEMO attack.privilege_escalation
Id
7ac407cc-0f48-4328-aede-de1d2e6fef41
Type
Community Rule

Rule History

Author
Commit
Title
Date
Wagga
fix: typos in multiple rules (#4011)
2023-02-06
Nasreddine Bencherchali
fix: apply suggestions from code review
2023-01-13
frack113
Add lsa-server
2023-01-13
frack113
Add lsa-server
2023-01-13