all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

High Fidelity LDAP alerting

Add to bookmarks
Feb. 5, 2024, 9:54 p.m. | /u/bogisbuncenbean

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Anyone have any killer detections they’ve created to monitor suspicious LDAP Activity in their environments? Right now we have created a baseline for what we’ve considered to be normal processes querying LDAP/LDAPS Global LDAP/S and Microsoft ADWS, and then we alert on the anomalies… but nowadays it seems like more and more applications running on Windows are using LDAP. Zoom used to be an exclusion for example, and now they have a use case??? Just wondering what others typically alert …

alert alerting applications blueteamsec detections environments fidelity global high killer ldap ldaps microsoft monitor normal processes running windows

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

CVE-2024-24919 Check Point 0-Day Remote Access VPN - or - aCSHELL/../../../../../../../ homepage/admin/.ssh/id_rsa * ssh admin@Host … 19 hours ago | www.reddit.com
blueteamsec
Australian court rules on appeal that Cyber Incident Response documents ARE NOT protected from legal … 22 hours ago | www.reddit.com
australian blueteamsec claim court +17
Snowflake Community: Detecting and Preventing Unauthorized User Access: Instructions 1 day, 13 hours ago | www.reddit.com
access blueteamsec community instructions +2
Linux rootkits explained – Part 1: Dynamic linker hijacking, Part 2: Loadable kernel modules 1 day, 14 hours ago | www.reddit.com
blueteamsec dynamic explained hijacking +5
NSA Releases Guidance on the Visibility and Analytics Pillar of Zero Trust 1 day, 14 hours ago | www.reddit.com
analytics blueteamsec guidance nsa +4
Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware 2 days, 2 hours ago | www.reddit.com
blueteamsec civil civil society latvia +6
How malware authors play with the LNK file format 2 days, 13 hours ago | www.reddit.com
authors blueteamsec file lnk +3
The Pumpkin Eclipse 2 days, 16 hours ago | www.reddit.com
blueteamsec eclipse pumpkin
The Best Way to Start with AWS Security Hub 2 days, 16 hours ago | www.reddit.com
aws aws security hub blueteamsec hub +3

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com