Tag
This rule identifies attempts to create new users on Windows systems using net.exe, a common tactic used by attackers to increase access or establish persistence.