Windows User Account Activity Add User to Group (via Splunk)

Nessus Network Monitor Plugin ID 710002

Synopsis

SIEM Pull Service has detected via Splunk query that, on this Windows system, a user was added to a group.

Description

SIEM Pull Service has detected via Splunk query that, on this Windows system, a user was added to a group. The query used was (sourcetype="WinEventLog:Security" Message="A member was added*group*")

Solution

N/A

Plugin Details

Severity: Info

ID: 710002

Family: Policy

Published: 8/20/2004

Updated: 5/18/2018