Chicago, IL, USA
Mar 28, 2019 | By Ingmar Koecher
Since Active Directory is the foundation of all Windows networks, monitoring Active Directory needs to be part of any comprehensive security strategy. Up to version 3.5, EventSentry utilized Windows auditing and the security event log to provide reports on: User Account Changes, Group Changes and Computer Account Changes.
Jul 31, 2018 | By Ingmar Koecher
EventSentry v3.5 continues to increase visibility into networks with additional vantage points, making it easier for EventSentry users to reduce their attack surface as well as discover anomalies.
Mar 16, 2018 | By Ingmar Koecher
Windows supports a code-signing feature called Authenticode, which allows a software publisher to digitally sign executable files (e.g. .exe, .msi, …) so that users can verify their autenticity. The digital signature of a file can be viewed in the file properties in Windows explorer on the “Digital Signature” tab.
Jan 30, 2018 | By Ingmar Koecher
In part one I provided a high level overview of PowerShell and the potential risk it poses to networks. Of course we can only mitigate some PowerShell attacks if we have a trace, so going forward I am assuming that you followed part 1 of this series and enabled: Module Logging, Script Block Logging, Security Process Tracking (4688/4689)
Jan 29, 2018 | By Ingmar Koecher
Imagine someone getting the seemingly innocent ability to run a couple of commands on a machine on your network WITHOUT installing any new software, but those commands resulting in a reverse shell running on that same machine – giving the intruder a convenient outpost in your network. Now stretch your imagination even further and pretend that all of this happens without leaving any unusual traces in logs – leaving you completely in the dark.
Once you are familar with the basic concept of EventSentry we recommend that you take a look at the best practices. It contains useful tips & tricks and configuration examples to help you get the most out of EventSentry with the least amount of administration.
Apr 8, 2019 | By NETIKUS.NET LTD
EventSentry's ADMonitor natively monitors Active Directory™ to detect all object changes down to the attribute with before and after values. ADMonitor also captures group policy changes and includes a complete user inventory to quickly identify at-risk user accounts.
Nov 2, 2018 | By NETIKUS.NET LTD
Put netstat on steroids and reduce your attack surface by revealing all processes on your network that are listening for incoming TCP connections. EventSentry can also alert when a new process is listening for incoming connections, or when critical processes are not running.