Managed Sentinel – Alert 122
Alert ID | MS-A122 |
Alert Name | Windows Admin group modification |
Description | This alert is triggered by a change to the Admin group. |
Severity Level | Low |
Threat Indicator | Root Access |
MITRE ATT&CK Tactics | Privilege Escalation, Credential Access |
Log sources | Windows Security Event Log |
False Positive | Migration of an account into a new domain |
Recommendations | Review the user accounts that have been modified and identify the account owners. Confirm whether the request is valid. If not, disable the accounts immediately and start an investigation to discover how the accounts have been used in your organization. |