Archive

Archive for the ‘MS: AD, Group Policies, PKI’ Category

ATA: Recorded security eventlog events

To enhance detection capabilities, ATA needs the following Windows events: 4776, 4732, 4733, 4728, 4729, 4756, 4757

https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection

For ATA versions 1.8 and higher, event collection configuration is no longer necessary for ATA Lightweight Gateways. The ATA Lightweight Gateway can now read events locally, without the need to configure event forwarding.

 

ATA Auditing (AuditPol, Advanced Audit Settings Enforcement, Lightweight Gateway Service discovery):

https://blogs.technet.microsoft.com/positivesecurity/2017/08/18/ata-auditing-auditpol-advanced-audit-settings-enforcement-lightweight-gateway-service-discovery/

Active Directory Powershell: Quick tip LastLogonTimeStamp and pwdLastSet

Advanced AAD Connect Permissions Configuration

AD: Scripting Tips & Tricks: RegEx for OU Name & Path

AD: SAMBA, NTLM SSP, and A Gap in Enterprise Configuration Control

Introducing Microsoft Advanced Threat Analytics v1.8!

WAP 2016 Published Application Not Working – HTTP Error 503