Managed Sentinel – Alert 232
| Alert ID | MS-A232 |
| Alert Name | Users created by unauthorized administrators |
| Description | This alert identifies users created by Windows AD administrators who are not on the approved list. |
| Severity Level | Low |
| Threat Indicator | |
| MITRE ATT&CK Tactics | Privilege Escalation, Defense Evasion, Persistence, Initial Access |
| Log sources | Security Event |
| False Positives | |
| Recommendations | |
