Alerting on Active Directory group name

Nov 27, 2019
I'm trying to work on alerting on changes to groups in Active Directory, like the Domain Admins group.

I can see the event in investigate, and I can also see that the group name 'Domain Admins' is in the event, but I noticed that the icon looks different to other meta keys, and in investigate it appears that the group meta key doesn't work either.


I assume that the meta key 'Group' is not defined properly somewhere.