Malicious AD Activity
This anomaly contains multiple detection methods that look at Windows Event Logs for malicious activity (e.g., clearning audit logs). Check associated detection methods for an exhastive list of what triggers this anomaly.
This content is not mapped to any local saved search. Add mapping