Sensitive entities

Hi all

I have been trying to trigger an event to determine whether the sensor is creating the alert I expect to see. To do this I added about 5 random accounts to my Domain Admins group (yes, this is a test environment). I'm not seeing any alerts. I would expect this event to trigger the "Suspicious additions to sensitive groups" alert, but I get nothing.

I've configured auditing per the guidance from Microsoft and I can see the Audit Event ID 4728 being generated in the Security log.

Any thoughts on this? I am seeing other alerts, so I know the sensors are working generally.

Thanks

Tony

3 Replies

@murrato1 I am receiving the same issue. I have added accounts to the domain admins group which should trigger an alert but nothing happens.  

@murrato1 Adding @Daniel Naim 

Hi @murrato1

We have the same issue. Are you aware of the fact that this Alert has a learning period of four weeks since the first event was logged?

Microsoft Defender for Identity domain dominance security alerts | Microsoft Docs

If you have found any solutions in the meantime, it would be great if you could share them.

Best regards