MITRE ATT&CK detection coverage

← Back to main site

Home/ MITRE Matrix/ Defense Evasion/ T1484.001

T1484.001Group Policy Modification

T1484.001 — Group Policy Modification is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 10 detection use cases covering it.

Defense EvasionPrivilege Escalation

View on the matrix → Filter Detection Library MITRE official spec ↗

10Use cases

0Articles

0Sub-techniques

2Tactics

↑ Parent technique: T1484 · Domain or Tenant Policy Modification

Use cases covering this technique (10)

Windows AD GPO Deleted ESCU actions · alerting P Windows AD GPO Disabled ESCU actions · alerting P Windows AD GPO New CSE Addition ESCU actions · alerting P Windows Admon Default Group Policy Object Modified ESCU actions · alerting P Windows Admon Group Policy Object Created ESCU actions · alerting P Windows Default Group Policy Object Modified ESCU actions · alerting P Windows Default Group Policy Object Modified with GPME ESCU actions · alerting P Windows Group Policy Object Created ESCU actions · alerting P Windows Scheduled Task Created in a Group Policy Object ESCU actions · alerting P Windows AD Suspicious GPO Modification ESCU actions · alerting P