ad-assurance - Re: [AD-Assurance] FW: AD monitoring for failure codes and insecure protocols
Subject: Meeting the InCommon Assurance profile criteria using Active Directory
List archive
- From: David Walker <>
- To:
- Subject: Re: [AD-Assurance] FW: AD monitoring for failure codes and insecure protocols
- Date: Wed, 10 Jul 2013 13:40:17 -0700
Fine with me.
David
On Wed, 2013-07-10 at 18:38 +0000, Ann West wrote:
Hi All,
Is it appropriate to loop Brett into our discussion and discuss his questions on an upcoming meeting?
Ann
From: Brett Bieber <>
Reply-To: Brett Bieber <>
Date: Wednesday, July 10, 2013 12:32 PM
To: Ann West <>
Subject: AD monitoring for failure codes and insecure protocols
Hi Ann,
I'm hoping you can put me in contact with someone looking at the AD alternative means. I'm looking for assistance identifying the proper event codes from the domain controller security logs.
My suspicion is that any institution that is not willing to shut down the insecure AD protocols will need to take the approach Chicago has taken, e.g. monitor and remediate. I'm hoping that we can come to consensus on all the AD event codes to monitor, and perhaps some standard monitoring scripts via powershell or Splunk etc to pull those events out and then perform the appropriate IAQ degradation actions.
Thanks for any info you could provide.
--
Brett Bieber
University of Nebraska-Lincoln
- [AD-Assurance] FW: AD monitoring for failure codes and insecure protocols, Ann West, 07/10/2013
- [AD-Assurance] RE: AD monitoring for failure codes and insecure protocols, Ron Thielen, 07/10/2013
- [AD-Assurance] RE: AD monitoring for failure codes and insecure protocols, Rank, Mark, 07/10/2013
- [AD-Assurance] RE: AD monitoring for failure codes and insecure protocols, Rank, Mark, 07/10/2013
- Re: [AD-Assurance] FW: AD monitoring for failure codes and insecure protocols, David Walker, 07/10/2013
- [AD-Assurance] RE: AD monitoring for failure codes and insecure protocols, Ron Thielen, 07/10/2013
Archive powered by MHonArc 2.6.16.