Create AdminSDHolder_Modifications.yaml

[vpaschalidis]

This query detects modification in the AdminSDHolder in the Active Directory which could indicate an attempt for persistence.
AdminSDHolder Modification is a persistence technique in which an attacker abuses the SDProp process in Active Directory to establish a persistent backdoor to Active Directory.
This query searches for the event id 5136 where the Object DN is AdminSDHolder.

Before submitting this PR please ensure that you have read the following sections and then completed the template below:

Thank you for your contribution to the Microsoft Sentinel Github repo.

The code should have been tested in a Microsoft Sentinel environment that does not have any custom parsers, functions or tables, so that you validate no incorrect syntax and execution functions properly.

Details of the code changes in your submitted PR. Providing descriptions for pull requests ensures, there is context to changes being made and greatly enhances the code review process. Providing associated Issues that this resolves also easily connects the reason.

Change(s):

• Updated syntax for XYZ.yaml

Reason for Change(s):

• New schema used for XYZ.yaml
• Resolves ISSUE Add Logstash required version to Readme file #1234

After the submission has been made, please look at the Validation Checks:

Check that the validations are passing and address any issues that are present. Let us know if you have tried fixing and need help.

References:

• Guidance for Detection checks
• General contribution guidance
• PR validation troubleshooting

PR Template

---

Description for the PR:
(Enter the description below)
This is a new detection that detects modification in the AdminSDHolder in the Active Directory which could indicate an attempt for persistence.

Testing Completed:
Yes/ No : Yes

---

[aprakash13]

Approving this as a simple detection.

[aprakash13]

Approved.