Group

A collection of multiple user accounts that share the same access rights to the computer and/or network resources and have common security rights.[1]

ID: DS0036
Platforms: Azure AD, Google Workspace, IaaS, Office 365, SaaS, Windows
Collection Layers: Cloud Control Plane, Host
Contributors: Center for Threat-Informed Defense (CTID)
Version: 1.0
Created: 20 October 2021
Last Modified: 10 November 2021

Data Components

Group: Group Enumeration

An extracted list of available groups and/or their associated settings (ex: AWS list-groups)

| Domain | ID | Name |
|---|---|---|
| Enterprise | T1069 | Permission Groups Discovery |
| | .003 | Cloud Groups |

Group: Group Metadata

Contextual data about a group that describes the group and the activity around it, such as name, permissions, or user accounts within the group

| Domain | ID | Name |
|---|---|---|
| Enterprise | T1069 | Permission Groups Discovery |
| | .003 | Cloud Groups |

Group: Group Modification

Changes made to a group, such as membership, name, or permissions (ex: Windows EID 4728 or 4732, AWS IAM UpdateGroup)

| Domain | ID | Name |
|---|---|---|
| Enterprise | T1098 | Account Manipulation |
| | .002 | Exchange Email Delegate Permissions |

References