Latest Version 1.2.5
January 13, 2025
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
ADTimeline
Active Directory is a prime target in mostly all cyberattacks, and attackers often attempt to gain Domain Admin privileges and maintain their access. That is why it is crucial for security teams to monitor the changes occurring on Active Directory.
Built by
Compatibility
Not Available
Platform Version: 10.0, 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
CIM Version: 6.x, 5.x, 4.x, 3.x
Rating
0
(0)
Log in to rate this app
Support
Developer Supported app
Active Directory is a prime target in mostly all cyberattacks, and attackers often attempt to gain Domain Admin privileges and maintain their access. That is why it is crucial for security teams to monitor the changes occurring on Active Directory.
Active Directory modifications are recorded in the Domain Controllers Windows event logs but its scope/completeness depends on the auditing strategy configured. Unfortunately, those events are too rarely centralized, analyzed and archived. As a consequence, replication metadata is sometimes the only artefact left for DFIR analyst to characterize changes made on the Active Directory.
The ADTimeline application for splunk processes and analyses the Active Directory data collected by the ADTimeline PowerShell script.
The ADTimeline PowerShell script generates a timeline of Active Directory changes based on replication metadata and is available on github.
Categories
Created By
Leonard SAVINA
Type
app
Downloads
2,906
Licensing
Splunk Answers
Resources
Log in to report this app listing