Detections
Analytics
Permission Groups Discovery: Local Groups
Description
Adversaries may attempt to find local system groups and permission settings. The knowledge of local system permission groups can help adversaries determine which groups exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as the users found within the local administrators group.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | WMI | List of Local Users, Groups and Memberships | Plugin ID: 71246 |
References
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Discovery
Technique: Permission Groups Discovery
Sub-Technique: Local Groups
Platform: Windows
Products Required: Tenable Vulnerability Management
Tenable Release Date: 2022 Q2