Detection Engineering Archives - Windows Active Directory

Detection Engineering Security Operations for Identity

Detecting unmanaged accounts via group audit

September 17, 2025

Detecting unmanaged accounts via group audit: advanced comparison guide for AD, Entra, SIEM, and PAM Detecting unmanaged accounts via group audit means using group membership changes and “who got added where” telemetry to surface identities that operate outside expected governance: accounts not onboarded to PAM, not tied to HR/ITSM ownership, not covered by standard…

Top 10 audit logs for threat detection in AD

August 29, 2025

Top 10 Audit Logs for Threat Detection in Active Directory Active Directory (AD) doesn’t get “hacked” in a single step—attackers authenticate, escalate, move laterally, and persist. Your best early-warning system is a carefully chosen set of audit logs, collected consistently from the right hosts (especially domain controllers). On this page …

How to use audit policies to detect threats early

August 22, 2025

Using Audit Policies to Detect Threats Early (Active Directory) Active Directory Security • Detection Engineering • Windows Auditing Audit policies are your “early warning radar” for identity attacks—if you enable the right subcategories, collect the logs centrally, and convert high-signal events into actionable detections. …

Detection Engineering

Detecting unmanaged accounts via group audit

Top 10 audit logs for threat detection in AD

How to use audit policies to detect threats early

Featured Posts

What is Azure Data Factory (ADF)?

How to demote a Domain Controller: A step-by-step guide

Healthcare data Breaches down almost 50 percent in the first month of 2021

Popular with Readers

Active Directory Users and Computers (ADUC) - An introduction and installation guide

Active Directory Sites

Active Directory Password Policy

Recently Added

How to fix slow DNS lookup

Legacy D-Link DSL Routers Exploited via Unauthenticated DNS Hijacking (CVE-2026-0625)

Migrating from AD FS to Azure AD SSO