Tags: Active Directory
Check windows event log: Create user account User account on User account off User account password reset Delete user account Unlocked user account + changed domain policy and cleaned security log
Active Directory replication and audit templates. the names of the triggers only in Russian but later will be in English
Template based on MS document "Best Practices for Securing Active Directory"Items & Triggers A monitored security event pattern has occurred. A replay attack was detected. May be a harmless false positive due to misconfiguration error. System audit ...
Performance counters DRA Inbound Bytes Total/Sec DRA Inbound Object Updates Remaining in Packet DRA Outbound Bytes Total/Sec DRA Pending Replication Synchronizations Kerberos Authentications/Sec LDAP Bind Time LDAP Client Sessions LDAP Searches/ ...
Zabbix Template to monitor for Windows Event Viewer event's related to Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472. Monitors event ID's 5827, 5828 & 5829.https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1 ...
zabbix-ldap-sync-bash This is a pure bash-script for syncing a Actice-Directory Group via LDAP with a Zabbix-Group. Pure Bash Skript for Linux LDAP and LDAPS Support (ignoring SSL possible) Zabbix API via http / https (ignoring SLL per default) Zab ...