monitoring Archives - Windows Active Directory

Automation & Tooling Scripts & Templates

Detecting Kerberoasting with PowerShell and logs

November 14, 2025

Detecting Kerberoasting with PowerShell and Logs Kerberoasting is an Active Directory attack technique where an attacker requests Kerberos service tickets (TGS) for accounts that have Service Principal Names (SPNs), then cracks the ticket offline to recover the service account password. Because it uses legitimate Kerberos flows, the key to detection is understanding what…

How to secure OU and group changes with audit trails

October 17, 2025

Securing OU and group changes with audit trails Organizational Units (OUs) and security groups are two of the most powerful “control surfaces” in Active Directory. OUs decide where objects live, what policies apply, who can administer what, and how delegation is structured. Groups decide who can access what (file shares, apps, GPO filtering…

AD partition audit coverage: Domain, Configuration, Schema

October 3, 2025

AD Partition Audit Coverage: Domain, Configuration, Schema – The Foundational Guide Active Directory (AD) is built on directory partitions—logical containers that scope replication, management, and security. The three most critical partitions are Domain, Configuration, and Schema. Auditing these partitions matters because each one holds…

Detecting unmanaged accounts via group audit

September 17, 2025

Detecting unmanaged accounts via group audit: advanced comparison guide for AD, Entra, SIEM, and PAM Detecting unmanaged accounts via group audit means using group membership changes and “who got added where” telemetry to surface identities that operate outside expected governance: accounts not onboarded to PAM, not tied to HR/ITSM ownership, not covered by standard…

Top 10 audit logs for threat detection in AD

August 29, 2025

Top 10 Audit Logs for Threat Detection in Active Directory Active Directory (AD) doesn’t get “hacked” in a single step—attackers authenticate, escalate, move laterally, and persist. Your best early-warning system is a carefully chosen set of audit logs, collected consistently from the right hosts (especially domain controllers). On this page …

SIEM alert rules for AD exploitation attempts

August 29, 2025

SIEM Alert Rules for Active Directory Exploitation Attempts SIEM Alert Rules for Active Directory Exploitation Attempts If you’re monitoring Active Directory with a SIEM, your job isn’t “collect all the logs” — it’s to turn identity telemetry into high-signal alerts that catch exploitation early, stay resilient to evasion, and don’t drown you in…

How to use audit policies to detect threats early

August 22, 2025

Using Audit Policies to Detect Threats Early (Active Directory) Active Directory Security • Detection Engineering • Windows Auditing Audit policies are your “early warning radar” for identity attacks—if you enable the right subcategories, collect the logs centrally, and convert high-signal events into actionable detections. …

How to monitor and backup Azure resources

July 23, 2024

Monitoring and backing up your Azure resources is critical to ensuring the availability, performance, and resilience of your cloud infrastructure and data. Azure provides several tools and services for effective monitoring and backup. Here’s a general guide to monitoring and backing up Azure resources. Monitoring Azure resources Azure offers several tools to monitor your cloud environment…

How to monitor and report security events in Microsoft Entra ID

June 11, 2024

In Microsoft Entra ID (Azure Active Directory), monitoring and reporting capabilities are vital for safeguarding your organization. They act as vigilant guards, detecting and responding to potential threats within the Microsoft 365 environment. By tracking security events and providing detailed reports, you can stay ahead of cyber risks and maintain a secure digital ecosystem where your data…

Integrating Azure AD with SIEM

May 24, 2024

Imagine managing your company’s security posture without a central safety net. This is the reality for businesses that do not integrate security information and event management (SIEM) solutions into their environment. What is a SIEM solution? A SIEM solution is pivotal for your organization’s security posture. It collects data from users, servers, devices, and applications, analyzing it…

monitoring

Detecting Kerberoasting with PowerShell and logs

How to secure OU and group changes with audit trails

AD partition audit coverage: Domain, Configuration, Schema

Detecting unmanaged accounts via group audit

Top 10 audit logs for threat detection in AD

SIEM alert rules for AD exploitation attempts

How to use audit policies to detect threats early

How to monitor and backup Azure resources

How to monitor and report security events in Microsoft Entra ID

Integrating Azure AD with SIEM

Featured Posts

What is Azure Data Factory (ADF)?

How to demote a Domain Controller: A step-by-step guide

Healthcare data Breaches down almost 50 percent in the first month of 2021

Popular with Readers

Active Directory Users and Computers (ADUC) - An introduction and installation guide

Active Directory Sites

Active Directory Password Policy

Recently Added

How to fix slow DNS lookup

Legacy D-Link DSL Routers Exploited via Unauthenticated DNS Hijacking (CVE-2026-0625)

Migrating from AD FS to Azure AD SSO