STEALTHbits ProTip: StealthINTERCEPT User Objects

STEALTHbits ProTip: StealthINTERCEPT User Objects

Customers using StealthINTERCEPT often ask the question how to quickly find all the changes made to a user object including all group membership adds and deletes. The Investigation feature can be used to perform this search. Here’s how: first, make sure all policies are selected. Then, under the Other category, click both Class and Attribute. For the changes made directly to a user, for Class enter in User, and under attribute enter in a partial string for the user you want to look for. IE ‘Administrator’. Click Refresh. This will return all changes made to the user object such as lockouts, email address, department, phone etc.

To see any groups where the user was added or removed, simply change the Class setting to Group and hit refresh. Now all the group membership changes will be displayed.

For more information, contact STEALTHbits Support at

Don’t miss a post! Subscribe to The Insider Threat Security Blog here:


Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start a Free Stealthbits Trial!

No risk. No obligation.