more generic approach to the Admin* group

rules/windows/builtin/win_user_added_to_local_administrators.yml

@@ -5,7 +5,7 @@ description: This rule triggers on user accounts that are added to the local Adm
 status: stable
 author: Florian Roth
 date: 2017/03/14
-modified: 2021/06/16
+modified: 2021/06/25
 tags:
     - attack.privilege_escalation
     - attack.t1078
@@ -18,9 +18,7 @@ detection:
     selection:
         EventID: 4732
     selection_group1:
-        GroupName: 
-            - 'Administrators'
-            - 'Administrateurs'
+        GroupName|startswith: 'Administr'
     selection_group2:
         GroupSid: 'S-1-5-32-544'
     filter: