Active Directory Correlation Rules
Purpose: POC (internal use only)
Version: Sentinel 7 (it would work on Sentinel 6 as well)
Type: Solution Pack
- This solution pack is based on some (not all) Change Guardian rules and contains around 47 correlation rules.
- It can be used when Change Guardian is missing and you need correlation rules specifically for Active Directory.
- The rules are grouped into 3 control types: Users, Groups and Computers.
- Some of them require or use a dynamic list (e.g. AD_Authorized_Accounts), so these lists need to be populated according to the customer environment after importing and installing the pack.
- Only some of the correlation rules were tested against all scenarios, so some changes to them may be needed.