Skip to content
Get A Demo
Sign Up Free

    Windows – Domain Administrator Account Creation

    Domain Administrator Account Creation SIEM Detection Test

    Detecting when new Windows Domain Administrator accounts are created is important to audit and ensure that they have been created for business purposes. Often the addition of these accounts results in significant risk and exposure to an organization and access should be limited as much as possible.

    How to Test Your SIEM Detections for Domain Administrator Account Creation

    Prerequisites: Be sure to configure the NxLog integrations for Windows on your Domain Controller before testing.

    Step 1: Login to your Domain Controller logging to Blumira

    Step 2: Go to "Users and Computers" in Active Directory

    Step 3: Create a new user account

    Step 4: Assign them to group "Domain Admins"

    Step 5: Once created and applied, a finding will generate in Blumira in the Responder Dashboard

    Step 6: Be sure to delete or disable the new domain admin user after testing is completed.

    Get Started for Free

    Experience the Blumira Free SIEM, with automated detection and response plus compliance reports for 3 cloud connectors, forever.

    Sign up