Abnormally High Number of Endpoint Changes By User

Description

Detects an abnormally high number of endpoint changes by user account, as they relate to restarts, audits, filesystem, user, and registry modifications.