Security Guardian Current

Security Guardian Current - Release Notes

New Features Enhancements Known Issues Incident response management System Requirements Product licensing Third Party Contributions

Indicators from On Demand Audit

The following table contains an alphabetical list of all indicators that originate from On Demand Audi, .

Indicator	Indicator Type	Severity
Active Directory Database (NTDS.dit) access attempt detected	Detected TTP	Critical
AD Database (NTDS.dit) file modification attempt detected	Detected TTP	Critical
AD schema configuration changes	Detected TTP	Critical
Administrative privilege elevation detected (adminCount attribute)	Detected TTP	Critical
Domain level group policy linked changes detected	Detected TTP	Critical
File changes with suspicious file extensions	Detected TTP	Critical
Irregular Active Directory replication activity detected (DCSync)	Detected TTP	Critical
Irregular domain controller registration detected (DCShadow)	Detected TTP	Critical
NTLM version 1 authentications	Detected TTP	Medium
Possible Golden Ticket Kerberos exploit	Detected TTP	Critical
Potential sIDHistory injection detected	Detected TTP	Critical
Security changes to Tier Zero computer objects	Detected TTP	High
Security changes to Tier Zero domain objects	Detected TTP	Critical
Security changes to Tier Zero group objects	Detected TTP	Critical
Security changes to Tier Zero group policy objects	Detected TTP	Critical
Security changes to Tier Zero user objects	Detected TTP	Critical
Suspicious group ESX Admins created or member added	Detected TTP	High
Tier Zero computer changes	Detected TTP	High
Tier Zero domain and forest configuration changes	Detected TTP	Critical
Tier Zero group changes	Detected TTP	Critical
Tier Zero group policy object changes	Detected TTP	Critical
Tier Zero user changes	Detected TTP	High
Tier Zero user logons to computers that are not Tier Zero	Detected TTP	Critical
Unsafe encryption used in Kerberos ticket (vulnerable to Kerberoasting)	Detected TTP	Critical
Unusual increase in AD account lockouts	Detected Anomaly	Critical
Unusual increase in failed AD changes	Detected Anomaly	Critical
Unusual increase in failed AD Federation Services sign-ins	Detected Anomaly	Critical
Unusual increase in failed on-premises sign-ins	Detected Anomaly	Critical
Unusual increase in file deletes	Detected Anomaly	Critical
Unusual increase in file renames	Detected Anomaly	Critical
Unusual increase in permission changes to AD objects	Detected Anomaly	Critical
Unusual increase in share access permission changes	Detected Anomaly	Critical
Unusual increase in successful AD Federation Services sign-in	Detected Anomaly	Critical
Unusual increase in successful on-premises sign-ins	Detected Anomaly	Critical
User ServicePrincipalName attribute changed (vulnerable to Kerberoasting)	Detected TTP	Critical

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Security Guardian Current - Release Notes

Indicators from On Demand Audit