Tag
low
advisory
Group Policy Discovery via Microsoft GPResult Utility
2 rules 1 TTP
Detects the execution of `gpresult.exe` with arguments `/z`, `/v`, `/r`, or `/x` on Windows systems, which attackers may use during reconnaissance to enumerate Group Policy Objects and identify opportunities for privilege escalation or lateral movement.
M365 Defender +1
discovery
windows
group_policy
medium
advisory
Windows AD GPO Disabled
3 rules 1 TTP
Detection of Active Directory Group Policy being disabled using the Group Policy Management Console, potentially indicating malicious attempts to weaken security controls.
Splunk Enterprise +3
active_directory
group_policy
persistence