Uncommon net localgroup Execution

The Uncommon net localgroup Execution Analytics alert indicates the net localgroup command was used on an endpoint.

Synopsis

10 minutes
3 days
14 days
10 minutes
Cortex XDR agent endpoint data
Severity
Varies by activity (High, Medium, or Low).

Description

The net localgroup command is used to add, display, or modify groups local to the endpoint.

Attacker's Goals

Attackers can attempt to use the command to find endpoint groups and permissions settings or modify local group memberships.
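
The distinction above between displaying groups and modifying them can be triaged from process command lines. The following Python example is added here for illustration; it is not part of the Cortex XDR documentation and is not the alert's own logic. The function names, action labels, hostnames and accounts are assumptions, and the sample events are constructed.

```python
import re

# Added illustration, not Cortex XDR logic; all names here are hypothetical.
NET_BINARIES = {"net", "net.exe", "net1", "net1.exe"}
TOKEN = re.compile(r'(?:[^\s"]|"[^"]*")+')  # keeps quoted group names as one token
READ_ONLY = {"list_groups", "list_members"}

def classify_net_localgroup(command_line):
    """Return (action, group, members) for a net localgroup call, else None."""
    tokens = TOKEN.findall(command_line)
    # Reduce a full or quoted image path to its lowercase file name.
    image = tokens[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower() if tokens else ""
    if image not in NET_BINARIES or len(tokens) < 2 or tokens[1].lower() != "localgroup":
        return None
    args = tokens[2:]
    switches = {a.lower().split(":", 1)[0] for a in args if a.startswith("/")}
    names = [a.strip('"') for a in args if not a.startswith("/")]
    group, members = (names[0], names[1:]) if names else (None, [])
    if group is None:
        action = "list_groups"            # bare "net localgroup" displays local groups
    elif "/add" in switches:
        action = "add_member" if members else "create_group"
    elif "/delete" in switches:
        action = "remove_member" if members else "delete_group"
    elif "/comment" in switches:
        action = "set_comment"
    else:
        action = "list_members"           # group name only: displays its members
    return action, group, members

def triage(events):
    """Label each net localgroup event as enumeration or modification."""
    findings = []
    for host, command_line in events:
        parsed = classify_net_localgroup(command_line)
        if parsed:
            action, group, members = parsed
            kind = "enumeration" if action in READ_ONLY else "modification"
            findings.append((host, kind, action, group, members))
    return findings

# Constructed sample process-creation events (hosts and accounts are made up).
SAMPLE_EVENTS = [
    ("WS-01", "net localgroup"),
    ("WS-01", r'"C:\Windows\System32\net.exe" localgroup Administrators'),
    ("WS-02", r'C:\Windows\system32\net1 localgroup "Remote Desktop Users" svc_tmp /add'),
    ("WS-02", "net user svc_tmp"),
    ("WS-03", "NET.EXE LOCALGROUP Administrators olduser /DELETE"),
]
```

Calling `triage(SAMPLE_EVENTS)` returns one tuple per `net localgroup` event, so modification events can be reviewed first and enumeration events can be correlated with what the same host did next.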
