Back Arrow Back to All Integrations

Domain Administrator Account Creation

Domain Administrator Account Creation SIEM Detection Test

Detecting when new Windows Domain Administrator accounts are created is important to audit and ensure that they have been created for business purposes. Often the addition o these accounts results in significant risk and exposure to an organization and access should be limited as much as possible.

How to Test Your SIEM Detections for Domain Administrator Account Creation

Step 1: Access Windows Active Directory

Step 2: Create a new Windows Domain Administrator Account.

Step 3: Once you have confirmed account creation has been detected, disable or delete the Windows Domain Administrator that has been created.