Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Identity Analytics |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A rare local administrator login was observed. This may indicate an attempt to change sensitive settings on the host.
Attacker's Goals
The attacker attempts to change sensitive settings on the host.
Investigative actions
Check for any other suspicious activity related to the host and the user involved in the alert.