murrato1
Aug 16, 2021 - Copper Contributor
Sensitive entities
Hi all
I have been trying to trigger an event to determine whether the sensor is creating the alert I expect to see. To do this I added about 5 random accounts to my Domain Admins group (yes, this is a test environment). I'm not seeing any alerts. I would expect this event to trigger the "Suspicious additions to sensitive groups" alert, but I get nothing.
I've configured auditing per the guidance from Microsoft and I can see the Audit Event ID 4728 being generated in the Security log.
Any thoughts on this? I am seeing other alerts, so I know the sensors are working generally.
Thanks
Tony