Hidden Local User Creation (7b449a5e-1db5-4dd0-a2dc-4e3a67282538)

Detects the creation of a hidden local user account, which should not happen for event ID 4720.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Hidden Local User Creation (7b449a5e-1db5-4dd0-a2dc-4e3a67282538) | Sigma-Rules | Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) | Attack Pattern | 1 |
| Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) | Attack Pattern | Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) | Attack Pattern | 2 |