Active Directory (AD) is a directory service that controls who has access to systems, applications, and data resources across the network. It is therefore very important to get visibility into Active Directory and track the activities occurring within it to reduce risk and ensure the confidentiality, integrity and availability of resources.

LT Auditor+ protects your organization from internal and external threats by providing real-time monitoring of all changes occurring in AD. This monitoring covers:

  1. Creation and deletion of Active Directory users, groups, organizational units, computers and any other type of object
  2. Renaming or moving of any AD object
  3. Changes to attributes of objects, with before and after values of these changes
  4. Changes to permissions in Active Directory
  5. Account lockouts
  6. AD logon activity
LT Auditor+ generates security intelligence reports by actively monitoring user activity and alerting on suspicious activities. The AD change information collected with LT Auditor+ can clearly identify:

  • When an Active Directory change was made
  • Where the change was made
  • What changes were made
  • Who was responsible for the change

About LT Auditor+

LT Auditor+ is a suite of applications that provide real-time monitoring and auditing of changes to Windows Active Directory and Windows Servers. The application audits, tracks and reports on Windows Active Directory, Windows workstation logon/logoff, Windows file servers and member servers to help meet security, audit and compliance requirements. It tracks authorized and unauthorized user logon/logoff activity and changes to GPOs, groups, computers, OUs and DNS servers, with over 300 detailed event-specific reports and real-time email alerts. Report generation can be automated and scheduled, and reports can be exported to multiple formats such as PDF, Excel, HTML and CSV to further assist with a forensic investigation.

LT Auditor+ best practices to audit and monitor AD for attempted compromises

  • Monitor AD Administrator accounts for unauthorized changes
  • Monitor and alert on the use of privileged AD accounts to ensure that usage was authorized
  • Track changes to privileged and VIP accounts in AD by actively monitoring changes to attributes on the Account tab such as cn, name, sAMAccountName, userPrincipalName, or userAccountControl
  • Actively monitor changes to the properties and membership of the following AD DS groups: Enterprise Admins (EA), Domain Admins (DA), Administrators (BA), and Schema Admins (SA)
  • Monitor and notify in real time when disabled privileged accounts (such as built-in Administrator accounts on DCs and member servers) are enabled
  • Track and notify if audit policies are changed
  • Use LT Auditor+ to validate implementation of least-privilege, role-based access controls for administration of the directory
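
The checks in the list above, sketched as triage logic over Windows Security events. This is an added example, not LT Auditor+ code or output; the event IDs (4728/4732/4756 and their removal counterparts, 4722, 4719, 5136), the event field names, the watch lists and the sample events are assumptions that do not come from this page.

```python
from collections import defaultdict

# Assumed (not from the page): Security event IDs/field names; watch lists and samples are hypothetical.
ADMIN_DN = "CN=Administrator,CN=Users,DC=example,DC=test"
PRIV_GROUPS = {"Enterprise Admins", "Domain Admins", "Administrators", "Schema Admins"}
WATCHED_ATTRS = {"cn", "name", "sAMAccountName", "userPrincipalName", "userAccountControl"}
PRIV_ACCOUNTS = {"Administrator"}   # sAMAccountName values to watch in 4722
PRIV_DNS = {ADMIN_DN}               # object DNs to watch in 5136
MEMBER_EVENTS = {4728: "added", 4732: "added", 4756: "added",
                 4729: "removed", 4733: "removed", 4757: "removed"}
OP = {"%%14674": "new", "%%14675": "old"}  # 5136 OperationType: value added / deleted

def triage(events):
    """Return (rule, who, target, detail) tuples for events matching the checks."""
    alerts, changes = [], defaultdict(dict)
    for e in events:
        eid, who = e["EventID"], e.get("SubjectUserName", "?")
        if eid in MEMBER_EVENTS and e["TargetUserName"] in PRIV_GROUPS:
            alerts.append(("group-membership", who, e["TargetUserName"],
                           f"{MEMBER_EVENTS[eid]} {e['MemberName']}"))
        elif eid == 4722 and e["TargetUserName"] in PRIV_ACCOUNTS:
            alerts.append(("privileged-account-enabled", who, e["TargetUserName"], ""))
        elif eid == 4719:
            alerts.append(("audit-policy-changed", who, "audit policy", ""))
        elif (eid == 5136 and e["ObjectDN"] in PRIV_DNS
              and e["AttributeLDAPDisplayName"] in WATCHED_ATTRS):
            # A modify is logged as a "value deleted" and a "value added" event
            # sharing OpCorrelationID; pair them to get before/after values.
            key = (e["OpCorrelationID"], who, e["ObjectDN"], e["AttributeLDAPDisplayName"])
            changes[key][OP.get(e["OperationType"], "other")] = e["AttributeValue"]
    for (_, who, dn, attr), v in changes.items():
        alerts.append(("attribute-changed", who, dn,
                       f"{attr}: {v.get('old')!r} -> {v.get('new')!r}"))
    return alerts

# Constructed sample events (simplified dicts, not real log data).
SAMPLE = [
    {"EventID": 4728, "SubjectUserName": "jdoe", "TargetUserName": "Domain Admins",
     "MemberName": "CN=Temp User,OU=Staff,DC=example,DC=test"},
    {"EventID": 4722, "SubjectUserName": "jdoe", "TargetUserName": "Administrator"},
    {"EventID": 4719, "SubjectUserName": "DC01$"},
    {"EventID": 5136, "SubjectUserName": "jdoe", "OpCorrelationID": "op-1", "ObjectDN": ADMIN_DN,
     "AttributeLDAPDisplayName": "userAccountControl", "AttributeValue": "514", "OperationType": "%%14675"},
    {"EventID": 5136, "SubjectUserName": "jdoe", "OpCorrelationID": "op-1", "ObjectDN": ADMIN_DN,
     "AttributeLDAPDisplayName": "userAccountControl", "AttributeValue": "512", "OperationType": "%%14674"},
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

In the sample, the paired 5136 events show userAccountControl going from 514 to 512, which is the disabled flag being cleared on the account; each alert tuple carries the "who" and "what" fields, while "when" and "where" would come from the event's timestamp and source host in a real log.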