Active Directory is a prime target in most cyberattacks: attackers routinely try to obtain Domain Admin privileges and then maintain that access. Monitoring changes made to Active Directory is therefore crucial for security teams. Modifications are recorded in the Windows event logs of the Domain Controllers, but how complete those records are depends on the auditing policy configured, and in practice the events are too rarely centralized, analyzed and archived. As a consequence, replication metadata is sometimes the only artefact left for DFIR analysts to characterize changes made to Active Directory. The ADTimeline application for Splunk processes and analyses the Active Directory data collected by the ADTimeline PowerShell script. The ADTimeline PowerShell script generates a timeline of Active Directory changes based on replication metadata and is available on GitHub.
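To show what "replication metadata" gives an analyst when the event logs are gone, here is an added example (not the ADTimeline script's own code) that queries the metadata of one sensitive object, the Domain Admins group, with the RSAT ActiveDirectory module. The group name, the choice of the PDC emulator as the server to query, and the date filter for deleted links are assumptions for the illustration.

```powershell
# Added example, not part of ADTimeline. Requires the RSAT ActiveDirectory module
# and network access to a domain controller of the current domain.
Import-Module ActiveDirectory

# Query the PDC emulator (assumption: any writable DC would do; metadata is per DC
# but the originating change time, DC and USN are replicated with the data).
$dc    = (Get-ADDomain).PDCEmulator
$group = Get-ADGroup -Identity 'Domain Admins' -Server $dc

# 1) Non-linked attributes: one row per attribute. Replication metadata keeps only
#    the LAST originating write (when, from which DC, with which USN) plus a
#    Version counter, so it tells you that an attribute changed and how often,
#    not what the intermediate values were.
Get-ADReplicationAttributeMetadata -Object $group.DistinguishedName -Server $dc |
    Sort-Object LastOriginatingChangeTime -Descending |
    Select-Object AttributeName, Version, LastOriginatingChangeTime,
                  LastOriginatingChangeDirectoryServerIdentity, LastOriginatingChangeUsn |
    Format-Table -AutoSize

# 2) Linked values (here the 'member' attribute): one row per link, including
#    links that were removed, which stay in the metadata until the tombstone
#    lifetime expires. This is how a short-lived Domain Admins membership can be
#    recovered after the fact.
$links = Get-ADReplicationAttributeMetadata -Object $group.DistinguishedName `
            -Server $dc -ShowAllLinkedValues |
         Where-Object { $_.AttributeName -eq 'member' }

$links |
    Select-Object AttributeValue, FirstOriginatingCreateTime,
                  LastOriginatingChangeTime, LastOriginatingDeleteTime,
                  LastOriginatingChangeDirectoryServerIdentity |
    Format-Table -AutoSize

# Removed members only. Active links carry a placeholder delete time far in the
# past, so filtering on a date after 1900 keeps only links that were actually
# deleted (assumption used as the filter threshold).
$removed = $links | Where-Object { $_.LastOriginatingDeleteTime -gt [datetime]'1900-01-01' }
"Members removed from Domain Admins (still visible in metadata): $($removed.Count)"
$removed | Select-Object AttributeValue, FirstOriginatingCreateTime, LastOriginatingDeleteTime
```

Running this against each sensitive object by hand is exactly the manual work the ADTimeline script automates across the directory; the caveat above about seeing only the last originating write and a version count applies to the resulting timeline as well.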