SIEM & SOC fundamentals help

blondoebb · February 29, 2024, 12:33pm

Continuing the discussion from SIEM & SOC fundamentals help:

User performing the action	User added	Group modified	Action perrmed	Action performed on	@timestamp per week	Count of records
Administrator	S-1-5-21-1518138621-4282902758-752445584-1111	Administrators	added-member-to-group	PKI.eagle.local	2023-03-06	1

when i use this date, i have a wrong result.help me

K1ND · March 19, 2024, 9:53am

Hello sir
Did you find this answer?

Jules · September 12, 2024, 2:32am

Does anyone have any answers for this question?

Topic		Replies	Views
SIEM & SOC fundamentals help Academy	15	2092	September 12, 2024
SIEM Visualization Example 4: Users Added Or Removed From A Local Group (Within A Specific Timeframe) Academy question , troubleshooting , academy	5	223	December 11, 2024
List the SID associated with the HR security group you created Academy windows , windows-server , windows-fundamentals	14	4889	September 6, 2024
SIEM Visualization Example 4 doesn't make sense Academy	6	733	October 28, 2024
Windows Fundamentals last exercise Off-topic	3	449	September 12, 2021