all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

High Fidelity LDAP alerting

Add to bookmarks
Feb. 5, 2024, 9:54 p.m. | /u/bogisbuncenbean

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Anyone have any killer detections they’ve created to monitor suspicious LDAP Activity in their environments? Right now we have created a baseline for what we’ve considered to be normal processes querying LDAP/LDAPS Global LDAP/S and Microsoft ADWS, and then we alert on the anomalies… but nowadays it seems like more and more applications running on Windows are using LDAP. Zoom used to be an exclusion for example, and now they have a use case??? Just wondering what others typically alert …

alert alerting applications blueteamsec detections environments fidelity global high killer ldap ldaps microsoft monitor normal processes running windows

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

hunt_arcanedoor_ips.csv: Full IP list to check against your ASA/Flow logs for the ArcaneDoor Cisco ASA … 23 hours ago | www.reddit.com
arcanedoor asa blueteamsec check +8
CVE-2024-21111 - Local Privilege Escalation in Oracle VirtualBox 1 day, 1 hour ago | www.reddit.com
blueteamsec cve cve-2024 escalation +7
How I hacked into Google’s internal corporate assets [tl;dr: dependency confusion] 1 day, 5 hours ago | www.reddit.com
assets blueteamsec corporate dependency +4
here's my blog on Phishing Email Investigation: A Step-by-Step Analysis 1 day, 9 hours ago | www.reddit.com
analysis blog blueteamsec email +2
(The) Postman Carries Lots of Secrets - "We estimate over 4,000 live credentials are currently … 1 day, 12 hours ago | www.reddit.com
blueteamsec cloud credentials live +4
Botconf 2024 videos 1 day, 13 hours ago | www.reddit.com
blueteamsec botconf videos
Hunting for a Sliver in a haystack 2 days, 1 hour ago | www.reddit.com
blueteamsec haystack hunting sliver
Nation-State Threat Actors Renew Publications to npm 2 days, 6 hours ago | www.reddit.com
blueteamsec nation npm publications +3
Guidance for Incident Responders 2 days, 9 hours ago | www.reddit.com
blueteamsec guidance incident incident responders

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cybersecurity Engineer

@ Booz Allen Hamilton | USA, VA, Arlington (1550 Crystal Dr Suite 300) non-client
View on infosec-jobs.com

Invoice Compliance Reviewer

@ AC Disaster Consulting | Fort Myers, Florida, United States - Remote
View on infosec-jobs.com

Technical Program Manager II - Compliance

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Head of U.S. Threat Intelligence / Senior Manager for Threat Intelligence

@ Moonshot | Washington, District of Columbia, United States
View on infosec-jobs.com

Customer Engineer, Security, Public Sector

@ Google | Virginia, USA; Illinois, USA
View on infosec-jobs.com
View more jobs