Skip to content

DS0036 Group

A collection of multiple user accounts that share the same access rights to the computer and/or network resources and have common security rights1

Item Value
ID DS0036
Platforms Azure AD, Google Workspace, IaaS, Office 365, SaaS, Windows
Collection Layers Cloud Control Plane, Host
Version 1.0
Created 20 October 2021
Last Modified 30 March 2022

Data Components

Group Enumeration

An extracted list of available groups and/or their associated settings (ex: AWS list-groups)

Domain ID Name
enterprise T1069 Permission Groups Discovery
enterprise T1069.003 Cloud Groups

Group Metadata

Contextual data about a group which describes group and activity around it, such as name, permissions, or user accounts within the group

Domain ID Name
enterprise T1069 Permission Groups Discovery
enterprise T1069.003 Cloud Groups

Group Modification

Changes made to a group, such as membership, name, or permissions (ex: Windows EID 4728 or 4732, AWS IAM UpdateGroup)

Domain ID Name
enterprise T1098 Account Manipulation
enterprise T1098.002 Additional Email Delegate Permissions

References

Back to top