Active Directory (AD) is a directory service that controls who has access to systems, applications, and data resources across the network. It is therefore very important to get visibility into Active Directory and track activities occurring within it to reduce risks and ensure confidentiality, integrity, and availability of resources.
LT Auditor+ protects your organization from internal and external threats by providing real-time monitoring of all changes occurring in AD. These changes include:
- Creating and deleting Active Directory users, groups, organizational units, computers, and any other type of object.
- Tracking when any AD object is renamed or moved in Active Directory.
- Monitoring changes to object attributes, with before and after values for each change.
- Monitoring changes to permissions in Active Directory.
- Tracking account lockouts.
- Monitoring AD login activity.
LT Auditor+ generates security intelligence reports by actively monitoring user activity and alerting on suspicious activities. The AD change information collected with LT Auditor+ can clearly identify:
- When an Active Directory change was made.
- From where the change was made.
- What changes were made.
- Who was responsible for the change.
LT Auditor+ best practices to audit and monitor AD for attempted compromises
- Monitor AD Administrator accounts for unauthorized changes.
- Monitor and alert on the use of privileged AD accounts to ensure that usage was authorized.
- Track changes to privileged and VIP accounts in AD by actively monitoring changes to attributes on the Account tab such as CN, name, sAMAccountName, userPrincipalName, or userAccountControl.
- Actively monitor changes to the properties and membership of the following AD DS groups: Enterprise Admins (EA), Domain Admins (DA), Administrators (BA) and Schema Admins (SA).
- Monitor and notify in real time when disabled privileged accounts (such as built-in Administrator accounts on DCs and member servers) are enabled.
- Track and notify if audit policies are changed.
- Use LT Auditor+ to validate the implementation of least-privilege, role-based access controls for the administration of the directory.
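The checks in the list above can be expressed as rules over change records that carry the when, who, where and what of each change. The following is an added example, not LT Auditor+ code or its output format: the record field names, users, hosts and timestamps are constructed, and the only real-world constant is the `ACCOUNTDISABLE` bit (0x0002) of `userAccountControl`.

```python
# Added example: field names and sample records are constructed, not LT Auditor+ output.
PRIVILEGED_GROUPS = {"Enterprise Admins", "Domain Admins", "Administrators", "Schema Admins"}
WATCHED_ATTRS = {"cn", "name", "samaccountname", "userprincipalname", "useraccountcontrol"}
ACCOUNTDISABLE = 0x0002  # userAccountControl bit that marks an account as disabled


def review(event, privileged_accounts):
    """Return alert strings (when / who / where / what) for one change record."""
    findings = []
    what, target = event["what"], event["target"]
    if what == "group_member_change" and target in PRIVILEGED_GROUPS:
        findings.append(f"membership of {target} changed")
    elif what == "audit_policy_change":
        findings.append("audit policy changed")
    elif what == "attribute_change" and target in privileged_accounts:
        attr = event["attribute"]
        if attr.lower() in WATCHED_ATTRS:
            findings.append(f"{attr} changed on privileged account {target}")
        if attr.lower() == "useraccountcontrol":
            before, after = int(event["before"]), int(event["after"])
            # Alert only on the disabled -> enabled transition, not on any flag change.
            if before & ACCOUNTDISABLE and not after & ACCOUNTDISABLE:
                findings.append(f"disabled privileged account {target} was enabled")
    return [f"{event['when']} {event['who']} from {event['where']}: {f}" for f in findings]


def review_all(events, privileged_accounts):
    """Flatten the alerts for a batch of change records, preserving order."""
    return [a for e in events for a in review(e, privileged_accounts)]


# Constructed sample records (hypothetical users, hosts and timestamps).
SAMPLE = [
    {"when": "2024-05-01T09:14:02Z", "who": "CORP\\jdoe", "where": "WS-042",
     "what": "group_member_change", "target": "Domain Admins"},
    {"when": "2024-05-01T09:15:40Z", "who": "CORP\\jdoe", "where": "WS-042",
     "what": "attribute_change", "target": "Administrator",
     "attribute": "userAccountControl", "before": "514", "after": "512"},
    {"when": "2024-05-01T09:20:11Z", "who": "CORP\\asmith", "where": "WS-007",
     "what": "attribute_change", "target": "svc-print",
     "attribute": "description", "before": "", "after": "printer svc"},
    {"when": "2024-05-01T09:31:55Z", "who": "CORP\\jdoe", "where": "DC-01",
     "what": "audit_policy_change", "target": "Default Domain Controllers Policy"},
]

if __name__ == "__main__":
    for line in review_all(SAMPLE, privileged_accounts={"Administrator"}):
        print(line)
```

The change to `svc-print` produces no alert because that account is not in the privileged set; the `userAccountControl` change from 514 to 512 produces two, one for the watched attribute and one for the re-enabled account.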
About LT Auditor+
LT Auditor+ is a suite of applications that provide real-time monitoring and auditing of changes to Windows Active Directory and Windows Servers. The application audits, tracks, and reports on Windows Active Directory, Windows Workstations Logon/Logoff, Windows File Servers, and Member Servers to help meet security, audit, and compliance requirements. Track authorized and unauthorized access through users’ Logon/Logoff activity and changes to GPOs, Groups, Computers, OUs, and DNS servers with over 300 detailed event-specific reports and real-time email alerts. Report generation can be automated and scheduled, and reports can be exported to multiple formats like PDF, Excel, HTML, and CSV that further assist with a forensic investigation.