Any advice on how to best secure/monitor domain admin and higher-level access service accounts? It would be nice to have more detailed alerts regarding activity with these accounts than just if the account is locked. We are an Azure/AD shop. We have Arctic Wolf as our SOC.
Chief Evangelist in IT Services, a year ago
Getting an understanding of the ability of these accounts to read, update and delete data is essential, and monitoring their actual activity is essential and can be provided through new DSPM tools.
VP Cybersecurity in Banking, 7 months ago
Import your logs into Splunk and then create alerts going to your SOC to validate appropriate usage.
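
An added example, not posted by anyone in this thread: a sketch of alert logic for privileged service accounts that goes beyond lockouts, run over parsed Windows Security events. The account names, host names and the expected-source inventory are constructed assumptions; the event IDs (4624, 4728, 4732, 4756) and logon types are standard Windows Security log values.

```python
# Constructed inventory (assumption): each privileged service account and the
# hosts it is expected to authenticate from.
EXPECTED_SOURCES = {
    "svc-backup": {"BKP01"},
    "svc-sql": {"SQL01", "SQL02"},
}
INTERACTIVE_TYPES = {2, 10, 11}        # interactive, RemoteInteractive (RDP), cached interactive
GROUP_ADD_EVENTS = {4728, 4732, 4756}  # member added to global / local / universal security group

# Constructed sample of parsed Windows Security events (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetUserName": "svc-backup", "LogonType": 5, "WorkstationName": "BKP01"},
    {"EventID": 4624, "TargetUserName": "svc-sql", "LogonType": 10, "WorkstationName": "SQL01"},
    {"EventID": 4624, "TargetUserName": "svc-backup", "LogonType": 3, "WorkstationName": "HR-LT-17"},
    {"EventID": 4728, "SubjectUserName": "svc-sql", "TargetUserName": "Domain Admins"},
    {"EventID": 4624, "TargetUserName": "jdoe", "LogonType": 2, "WorkstationName": "HR-LT-17"},
]

def evaluate(event):
    """Return a list of alert strings for one event (empty if nothing to flag)."""
    alerts = []
    eid = event.get("EventID")
    if eid == 4624:  # successful logon
        acct = event.get("TargetUserName", "").lower()
        if acct not in EXPECTED_SOURCES:
            return alerts  # not a tracked service account
        if event.get("LogonType") in INTERACTIVE_TYPES:
            alerts.append(f"{acct}: interactive logon (type {event['LogonType']})")
        src = event.get("WorkstationName", "").upper()
        if src not in EXPECTED_SOURCES[acct]:
            alerts.append(f"{acct}: logon from unexpected host {src}")
    elif eid in GROUP_ADD_EVENTS:
        # In these events TargetUserName is the group; SubjectUserName made the change.
        actor = event.get("SubjectUserName", "").lower()
        if actor in EXPECTED_SOURCES:
            alerts.append(f"{actor}: changed membership of {event.get('TargetUserName')}")
    return alerts

def run(events):
    """Evaluate every event and return all alerts in order."""
    return [a for e in events for a in evaluate(e)]

if __name__ == "__main__":
    for line in run(SAMPLE_EVENTS):
        print(line)
```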