Can Orion 2018.2 monitor the creation of local user accounts on servers and send out alerts. security dept wants to be alerted to the creation of any local account on a server.
Possible?
Assuming you have SAM yes, local account creation registers an event 4720 in Windows. There is an OOTB template called Domain Controller Security that has a monitor for that event ID, but if you want to monitor it on all servers then you would probably want to copy it out of that template and create a new template that you would need to apply to all windows servers.
