7,023 questions
User and group membership reconnaissance (SAMR)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 40%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGO%3C/text%3E%3C/svg%3E)
George OCAK
70
Reputation points
Hello,
We have received "User and group membership reconnaissance (SAMR)" from defender.
I only see the enumeration events no commands, process etc. related.
I was wondering how to find root cause for these queries from the user machine.
There is nothing seems suspicious but still we try to find what user machines made these.
Thanks.
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Microsoft Defender | Microsoft Defender for Identity
Sign in to answer