Domain or Tenant Policy Modification
Adversaries may modify the configuration settings of a domain or identity tenant to evade defenses and/or escalate privileges in centrally managed environments. Such services provide a centralized means of managing identity resources such as devices and accounts, and often include configuration settings that may apply between domains or tenants such as trust relationships, identity syncing, or identity federation. Modifications to domain or tenant settings may include altering domain Group Poli...
BY SOURCE
PROCEDURES (19)
Auto-extracted: 9 detections for general monitoring
Auto-extracted: 8 detections for authentication monitoring
Auto-extracted: 3 detections for privilege
Auto-extracted: 3 detections for exfiltrat
Auto-extracted: 3 detections for privilege
Auto-extracted: 2 detections for token
Auto-extracted: 2 detections for network connection monitoring
Auto-extracted: 2 detections for persist
Auto-extracted: 2 detections for phish
Auto-extracted: 1 detections for api
Auto-extracted: 1 detections for aws
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for exfiltrat
Auto-extracted: 1 detections for email security
Auto-extracted: 1 detections for remote
Auto-extracted: 1 detections for scheduled task
Auto-extracted: 1 detections for script execution monitoring
Auto-extracted: 1 detections for privilege
Auto-extracted: 1 detections for remote