Securing and Monitoring Active Directory for Signs of Compromise

Is there a monitoring alert that allows the RMM to secure and monitor Active Directory for signs of compromise?

@libretech, there’s nothing that I’m aware of – you could create a monitor with custom procedures to monitor for certain events though.

@Kristan thanks for the response, but what I’ve seen in other RMM tools is the ability to monitor password audits of failed logon attempts. This can be set by the user from the dashboard; for example, if there are 10 failed login attempts at an endpoint within 24 hrs, then an alert is raised on the dashboard along with an email alert, ticket creation, etc. When you click on that alert you are able to drill down to which user account is being used and is failing login attempts. This alert can also be picked up from the AD server that can show a list of the top 5 accounts that have the highest failed login attempts.

You should be able to accomplish something similar to this using the procedure script here: https://scripts.itarian.com/frontend/web/topic/trace-brute-force-attack

Create a new monitor under Endpoint Manager > Configuration Templates > Monitors, and under the conditions tab go to Add > Custom procedure and then use the script above.

Thanks! I will test it out.
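
The alert logic described in this thread (10 failed logons at an endpoint within 24 hours, drill-down by account, top 5 accounts), written out in Python as an added example; it is not the linked ITarian script or any participant's code. The event records are constructed, and collecting them from the Windows Security log (failed logons are event ID 4625) and wiring the result into a monitor are assumed to happen elsewhere.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample records (time, endpoint, account), standing in for
# failed-logon events (Windows Security event ID 4625) gathered from endpoints.
NOW = datetime(2024, 1, 2, 12, 0)

def _sample():
    rows = []
    # 11 failures for "jsmith" on WS-01 spread over the last 11 hours
    for h in range(11):
        rows.append((NOW - timedelta(hours=h), "WS-01", "jsmith"))
    # 3 recent failures on WS-02, plus 9 old ones outside the 24-hour window
    for h in range(3):
        rows.append((NOW - timedelta(hours=h), "WS-02", "svc_backup"))
    for h in range(30, 39):
        rows.append((NOW - timedelta(hours=h), "WS-02", "svc_backup"))
    # One failure for a second account on WS-01
    rows.append((NOW - timedelta(minutes=5), "WS-01", "Administrator"))
    return rows

SAMPLE_EVENTS = _sample()

def failed_logon_report(events, now, threshold=10,
                        window=timedelta(hours=24), top_n=5):
    """Return (alerts, top_accounts) for failures in the window ending at now."""
    cutoff = now - window
    per_endpoint = defaultdict(Counter)   # endpoint -> account -> failures
    per_account = Counter()               # account -> failures on all endpoints
    for when, endpoint, account in events:
        if cutoff < when <= now:
            name = account.lower()        # account names are case-insensitive
            per_endpoint[endpoint][name] += 1
            per_account[name] += 1
    alerts = {}
    for endpoint, accounts in per_endpoint.items():
        total = sum(accounts.values())
        if total >= threshold:
            # Drill-down: which accounts are failing on this endpoint
            alerts[endpoint] = {"total": total, "accounts": accounts.most_common()}
    return alerts, per_account.most_common(top_n)

if __name__ == "__main__":
    alerts, top = failed_logon_report(SAMPLE_EVENTS, NOW)
    for endpoint, detail in alerts.items():
        print("ALERT", endpoint, detail["total"], detail["accounts"])
    print("Top accounts:", top)
```

Failures older than the window are ignored, so WS-02 stays quiet here even though it has 12 failures in total.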