Windows User Account Activity Remove User from Group (via Splunk)

Nessus Network Monitor Plugin ID 710003

Synopsis

SIEM Pull Service has detected via Splunk query that, on this Windows system, a user was removed from a group.

Description

SIEM Pull Service has detected via Splunk query that, on this Windows system, a user was removed from a group. The query used was: (sourcetype="WinEventLog:Security" Message="A member was removed*group*")

Solution

N/A

Plugin Details

Severity: Info

ID: 710003

Family: Policy

Published: 8/20/2004

Updated: 5/18/2018