title: A member was added to a security-enabled universal group.
description: hogehoge
author: DeepblueCLI, Zach Mathis
detection:
    selection:
        Channel: Security
        EventID: 4756
        TargetUserName: Administrators
    # condition: selection
falsepositives:
    - unknown
output: 'user added to universal Administrators UserName: %MemberName% SID: %MemberSid%'
creation_date: 2020/11/8
updated_date: 2020/11/8