Auditing Active Directory Changes with the Windows Security Log

Webinar Registration

Active Directory is at the heart of security for on-prem networks and every cloud that integrates with AD via federation and/or synchronization. 

If AD isn’t secure – nothing’s secure. That’s why it’s so important to know what’s happening in AD and when it happens. AD is a big place and you often need to allow multiple parties to make changes in AD if you are to remain responsive to business and security needs. But that means it can quickly get messy and cluttered and ultimately insecure. You need to know who made the change, why it was made and if it complies with your change control, security policies and privileged access rules.

Besides tracking changes made by internal staff and systems, monitoring AD is also crucial in order to catch and disrupt intruders. APT groups use several tactics that involve changes to AD, including the creation of backdoor accounts intended to ensure persistence while flying below the radar or to push out malware or configuration changes that facilitate lateral movement.

AD comes with extensive audit capabilities baked into the product. In this webinar I will show you the following audit policies and how they apply to AD:

  • Account Lockout
  • Policy Change
  • Authentication Policy Change
  • Authorization Policy Change
  • User Account Management
  • Computer Account Management
  • Security Group Management
  • Distribution Group Management
  • Other Account Management Events
  • Directory Service Changes
  • Directory Service Replication

In particular I will show you how Directory Services Changes overlaps with the User, Group and Computer audit policies, and how Directory Service Changes is the right category for tracking other AD objects important to security, like OUs and Group Policy Objects. 

I will also point out the limitations and gaps in AD auditing so that you don’t waste time trying to track what can’t be tracked with native functionality alone.

ManageEngine is our sponsor for this real training for free event and Vivin Sathyan will show you how AD Audit Plus provides a single pane of glass for complete Active Directory Auditing and Reporting.

Please join us for this real training for free event.

 
First Name:   
Last Name:   
Work Email:  
Phone:  
Organization:  
Servers & Workstations:
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.

 

 

Additional Resources