Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 1 Hour
Required Data |
Detection Modules | Identity Threat Module
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
A user changed the Windows system time. This may indicate malicious activity and may affect authentication from the source machine.
Attacker's Goals
A malicious insider might change their Windows system time. This action might affect the machine's ability to authenticate to the domain.
Investigative actions
Check for any other suspicious activity related to the host and the user involved in the alert.