Local Account Creation

Description

Triggered when an account is created on a workstation or endpoint. This is a local Windows account when the machine is joined to a domain.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Security Monitoring

Category

Endpoint Compromise, Privilege Escalation

Alert Volume

Very Low (?)

SPL Difficulty

None

Journey

Stage 1

MITRE ATT&CK Tactics

Persistence

MITRE ATT&CK Techniques

Create Account

Data Sources

Windows Security