Hello All:
We want to modify the Domain Controller User or Group Modification rule to give it a more narrow focus on Privileged groups only. Has anyone done this already and could share what you did?
Regards,
David
Hi, I tested this in the lab on 7.1.x and an incident is generated. Silly question maybe, but the rule is enabled after you imported it, right?
Have you got one of the raw logs that you believe it should trigger on? I could replay them and check the rule in the lab.
Created on 03-19-2024 09:55 AM Edited on 03-19-2024 10:15 AM By FSM_FTNT
Our version is 6.7.9.1763.
Here is the raw event:
<admin deleted event>