Recent content by amane

Is there any way to fetvh thisinfomration in the AD. We have around 100 pcs in the environment. And, we cannot integrate allbof them into the SIEM. Sent from my Moto G (4) using Tapatalk

Hello Neemobeer, Thanks for update. I will look for procmon as I have not explored it yet. I will try it and will let you know. Regards, Ameer Mane Sent from my Moto G (4) using Tapatalk

Hello Neemobeer, Thanks for the replay. We have a use case in the environment which needs to collect interactive logon on the PCs. Also, considering normal scenario in which we want to check if any service user account is getting used for interactive log on. It is essential to have...

Hello All, We are observing lots of ICMP traffic from a windows system. However, we are not able to identify which application is generating this traffic. We tried to check by using "netstat -abn" however, it shows only TCP and UDP traffic, but not ICMP. Is there any feature or utility in...

Hello All, Greetings!!! In our environment we monitor windows events 4624 and 4625 on AD for other workstations as all workstations can not integrated in a SIEM. However, in event 4624 and 4625, we are not getting any type 10 or type 2 logon type that could tell us the interactive logon has...