Active Directory Members Only

Active Directory Monitoring & Threat Hunting

Detecting AD attacks requires knowing which Event IDs matter, how to write Sysmon configs that catch lateral movement, and how to query Microsoft Sentinel or Splunk for the patterns attackers leave. This covers the essential AD Event ID reference, Sysmon tuning for AD, KQL threat hunts for Kerberoasting/DCSync/lateral movement, and building detection coverage maps against ATT&CK.

Related Articles