Uncommon Net Group Execution

The
Uncommon Net Group Execution
Analytics alert indicates the
net group
command was used on an endpoint.

Synopsis

10 minutes
3 days
14 days
10 minutes
Cortex XDR agent endpoint data
Severity
Low

Description

The
net group
command is used to add, display, or modify domain-level groups.

Attacker's Goals

Attackers may attempt to use the command to find domain-level groups and permissions settings or modify domain-level group memberships.

Recommended For You