diff --git a/rules/macos/process_creation/proc_creation_macos_add_to_admin_group.yml b/rules-deprecated/macos/proc_creation_macos_add_to_admin_group.yml
similarity index 96%
rename from rules/macos/process_creation/proc_creation_macos_add_to_admin_group.yml
rename to rules-deprecated/macos/proc_creation_macos_add_to_admin_group.yml
index 9e221ddb6..ba813bf25 100644
--- a/rules/macos/process_creation/proc_creation_macos_add_to_admin_group.yml
+++ b/rules-deprecated/macos/proc_creation_macos_add_to_admin_group.yml
@@ -1,6 +1,6 @@
 title: User Added To Admin Group - MacOS
 id: 0c1ffcf9-efa9-436e-ab68-23a9496ebf5b
-status: experimental
+status: deprecated
 description: Detects attempts to create and/or add an account to the admin group, thus granting admin privileges.
 references:
     - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md#atomic-test-3---create-local-account-with-admin-privileges-using-sysadminctl-utility---macos
@@ -8,6 +8,7 @@ references:
     - https://ss64.com/osx/sysadminctl.html
 author: Sohan G (D4rkCiph3r)
 date: 2023/03/19
+modified: 2023/08/22
 tags:
     - attack.t1078.003
     - attack.initial_access
diff --git a/rules/macos/process_creation/proc_creation_macos_dscl_add_user_to_admin_group.yml b/rules/macos/process_creation/proc_creation_macos_dscl_add_user_to_admin_group.yml
new file mode 100644
index 000000000..c43d0806a
--- /dev/null
+++ b/rules/macos/process_creation/proc_creation_macos_dscl_add_user_to_admin_group.yml
@@ -0,0 +1,30 @@
+title: User Added To Admin Group Via Dscl
+id: b743623c-2776-40e0-87b1-682b975d0ca5
+related:
+    - id: 0c1ffcf9-efa9-436e-ab68-23a9496ebf5b
+      type: obsoletes
+status: experimental
+description: Detects attempts to create and add an account to the admin group via "dscl"
+references:
+    - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md#atomic-test-2---create-local-account-with-admin-privileges---macos
+    - https://ss64.com/osx/dscl.html
+author: Sohan G (D4rkCiph3r)
+date: 2023/03/19
+tags:
+    - attack.initial_access
+    - attack.privilege_escalation
+    - attack.t1078.003
+logsource:
+    category: process_creation
+    product: macos
+detection:
+    selection: #adds to admin group
+        Image|endswith: '/dscl'
+        CommandLine|contains|all:
+            - ' -append '
+            - ' /Groups/admin '
+            - ' GroupMembership '
+    condition: selection
+falsepositives:
+    - Legitimate administration activities
+level: medium
diff --git a/rules/macos/process_creation/proc_creation_macos_dseditgroup_add_to_admin_group.yml b/rules/macos/process_creation/proc_creation_macos_dseditgroup_add_to_admin_group.yml
new file mode 100644
index 000000000..d28829fa4
--- /dev/null
+++ b/rules/macos/process_creation/proc_creation_macos_dseditgroup_add_to_admin_group.yml
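Review bot: The inline comment on the `selection:` key in the dscl rule has no space after the hash, `selection: #adds to admin group`, which yamllint's default comment rule rejects and which differs from the `# Creates and adds new user to admin group` style used in the sysadminctl rule of the same commit; write it as `selection: # adds to admin group`. The new file also carries `date: 2023/03/19` although it is created in this commit, whereas the dseditgroup rule added alongside it uses `date: 2023/08/22`; if the older date is meant to record the obsoleted rule's origin that is fine, otherwise the creation date would be the consistent choice. The detection itself looks sound: the trailing space in `' GroupMembership '` is safe because the member name always follows that token.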
@@ -0,0 +1,28 @@
+title: User Added To Admin Group Via DseditGroup
+id: 5d0fdb62-f225-42fb-8402-3dfe64da468a
+status: experimental
+description: Detects attempts to create and/or add an account to the admin group, thus granting admin privileges.
+references:
+    - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md#atomic-test-5---add-a-newexisting-user-to-the-admin-group-using-dseditgroup-utility---macos
+    - https://ss64.com/osx/dseditgroup.html
+author: Sohan G (D4rkCiph3r)
+date: 2023/08/22
+tags:
+    - attack.initial_access
+    - attack.privilege_escalation
+    - attack.t1078.003
+logsource:
+    category: process_creation
+    product: macos
+detection:
+    selection:
+        Image|endswith: '/dseditgroup'
+        CommandLine|contains|all:
+            - ' -o edit ' #edit operation
+            - ' -a ' # username
+            - ' -t user'
+            - 'admin' # Group name
+    condition: selection
+falsepositives:
+    - Legitimate administration activities
+level: medium
diff --git a/rules/macos/process_creation/proc_creation_macos_sysadminctl_add_user_to_admin_group.yml b/rules/macos/process_creation/proc_creation_macos_sysadminctl_add_user_to_admin_group.yml
new file mode 100644
index 000000000..100a907ad
--- /dev/null
+++ b/rules/macos/process_creation/proc_creation_macos_sysadminctl_add_user_to_admin_group.yml
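Review bot: The last `CommandLine|contains|all` token in the dseditgroup rule, `'admin'`, is not delimited like the other three, so it matches anywhere in the command line — an account name or path containing "admin" passed to `-a` would satisfy it even when the target group is something else, which weakens the "added to admin group" claim in the title. A minimal tightening is `- ' admin'`; if the group name is always the final positional argument, as the ss64 reference suggests, `CommandLine|endswith: ' admin'` in the same selection would be more precise, but that should be confirmed against real telemetry before narrowing. The inline comments in the same list also mix `#edit operation` with `# username` and `# Group name`; use `# edit operation` so all three follow the `# ` form yamllint expects.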
@@ -0,0 +1,30 @@
+title: User Added To Admin Group Via Sysadminctl
+id: 652c098d-dc11-4ba6-8566-c20e89042f2b
+related:
+    - id: 0c1ffcf9-efa9-436e-ab68-23a9496ebf5b
+      type: obsoletes
+status: experimental
+description: Detects attempts to create and add an account to the admin group via "sysadminctl"
+references:
+    - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md#atomic-test-3---create-local-account-with-admin-privileges-using-sysadminctl-utility---macos
+    - https://ss64.com/osx/sysadminctl.html
+author: Sohan G (D4rkCiph3r)
+date: 2023/03/19
+tags:
+    - attack.initial_access
+    - attack.privilege_escalation
+    - attack.t1078.003
+logsource:
+    category: process_creation
+    product: macos
+detection:
+    selection:
+        # Creates and adds new user to admin group
+        Image|endswith: '/sysadminctl'
+        CommandLine|contains|all:
+            - ' -addUser '
+            - ' -admin '
+    condition: selection
+falsepositives:
+    - Legitimate administration activities
+level: medium
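Review bot: The `' -admin '` token in the sysadminctl rule requires a space after `-admin`, so a command line where `-admin` is the final argument — which is a natural placement for a flag that takes no value — will not match, and the rule misses exactly the invocation it is meant to catch. Dropping the trailing space, `- ' -admin'`, keeps the leading-space delimiter while matching the flag in any position; the only extra match is a hypothetical `-adminX` flag, which sysadminctl does not appear to have. It would be worth confirming the fixed pattern against the linked atomic test's exact command line, since that is not visible here.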