Uncommon net localgroup Execution

The Uncommon net localgroup Execution alert indicates the net localgroup command was used on an endpoint.

Synopsis

10 minutes.
3 days.
14 days.
10 minutes.
Traps endpoint data.
Discovery.

Description

The net localgroup command is used to add, display, or modify groups local to the endpoint.

Attacker's Goals

Attackers can attempt to use the command to find endpoint groups and permissions settings or modify local group memberships.

Related Documentation