Forum Discussion

murrato1's avatar
murrato1
Copper Contributor
Aug 16, 2021

Sensitive entities

Hi all

 

I have been trying to trigger an event to determine whether the sensor is creating the alert I expect to see. To do this I added about 5 random accounts to my Domain Admins group (yes, this is test environment). I'm not seeing any alerts. I would expect this event to trigger the "Suspicious additions to sensitive groups" alert, but I get nothing.

 

I've configured auditing per the guidance from Microsoft and I can see the Audit Event ID 4728 being generated in the Security log.

 

Any thoughts on this? I am seeing other alerts, so I know the sensors are working generally.

 

Thanks

Tony

Share