Under Review

[Datalake] Domain Admin Logins

I'm wanting to create a query against the datalake that would report logins by users in the Domain Admins active directory group. I have seen examples for locating local admins, but I haven't seen any information on getting information about domain admin members. Is this possible to do with Sophos XDR? My goal is to have a daily query that shows all domain admin logins for the last 24 hours. Right now I'm a bit lost on how to get started on this task.