Filling the Gaps in Active Directory Monitoring

Webinar Registration

Monitoring changes in Active Directory can help you:

  • Detect a persistent threat actor creating a back door account
  • Spot a separation of duties violation
  • Enforce accountability on privileged users
  • Identify hi-jacked administrator accounts

And of course much more. Not to mention meeting compliance requirements. AD is the heart of security even in today's hybrid cloud environment.

Windows devotes 2 categories of the Windows Security Log to AD monitoring

  • Account Management
  • Directory Service

I'm going to take you on a deep dive into the Event IDs generated by of these categories in this real training for free ™ webinar. The difference between these 2categories is that Account Management audits just users, groups and computer accounts and produces distinct event IDs for each action tracked by the category. The events are easy to understand. But they don't track every type of object in AD nor does this category track every possible action on those objects.

That's where the Directory Service category comes in. It's a more general, low level set of event IDs but it allows you to track any type of object in AD and more actions. In particular Directory Service is what you use if you want to track 2 extremely important things: group policy object (GPO) changes and delegations of privileged authority on organizational units (OU) and other objects. I will show you how to audit these important security events in your AD and why they are so important.

However, there are significant gaps between the information you need and what the native security log actually provides. For instance, native Windows auditing can tell you that Bob modified a group policy object (GPO) but not which setting, out of hundreds, he actually edited. In this webinar I'll clearly show you what you CAN accomplish with the native security log for monitoring Active Directory and I will show you what you really CAN'T. Then Dell Software's Brian Hymer will briefly show you how Dell Change Auditor fills these gaps in a simple but powerful What, When, Why and Where model.

Don't miss this real training for free ™ event. Please register now!

First Name:   
Last Name:   
Work Email:  
Job Title:  
Zip/Postal Code:  
How many employees in your organization?:
Organization Type :

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Additional Resources