
Change Auditor Threat Detection 7.1.1 - User Guide

Threat indicators

The following tables contain indicators (and the alert that they are associated with) available for each Change Auditor subsystem:

| Indicator | Alert | Description |
| --- | --- | --- |
| Abnormal Active Directory Change Time | Non-Standard Hours | A user made Active Directory changes at an abnormal time. |
| Abnormal Active Directory Change | Abnormal AD Changes | A user made an abnormal change to an AD attribute. |
| Abnormal Site | Abnormal Site Access | A user logged on from a computer in an abnormal site. |
| Multiple Member Additions to Enterprise Critical Groups (see the list of groups in the Change Auditor for Active Directory Event Reference Guide for "Member Added to Critical Enterprise Group") | Mass Changes to Critical Enterprise Groups | A user successfully made multiple changes to sensitive groups. |
| Multiple Group Membership Changes | Mass Changes to Groups | A user successfully made multiple changes to groups. |
| Multiple Account Management Changes | Abnormal AD Changes | A user successfully made multiple Active Directory changes. |
| Multiple User Account Management Changes | Abnormal AD Changes | A user successfully made multiple sensitive Active Directory changes. |
| Multiple Failed Account Management Changes | Abnormal AD Changes | A user failed to make multiple Active Directory changes. |
| Admin Password Changed | Admin Password Change | An admin's password was changed. |
| User Account Enabled | Sensitive User Status Changes | A user enabled another user account. |
| User Account Disabled | Sensitive User Status Changes | A user disabled another user account. |
| User Account Unlocked | Sensitive User Status Changes | A user unlocked another user account. |
| User Account Type Changed | Sensitive User Status Changes | A user account type was changed by another user account. |
| User Account Locked | Sensitive User Status Changes | A user locked another user account. |
| User Password Never Expires Option Changed | Sensitive User Status Changes | A user password policy was changed by another user account. |
| User Password Changed by Non-Owner | Sensitive User Status Changes | A user's password was changed by a non-owner. |
| User Password Changed | Sensitive User Status Changes | A user changed the password for another user account. |
| Member Added to Critical Enterprise Group | Elevated Privileges Granted | A user was added to a privileged group. |