Trail Flow Table
Tenable Identity Exposure lists the events in your Active Directory in the Trail Flow table continuously as they occur. It includes the following information:
Indicates the origin of any security-related change in your AD infrastructures.
There are two possible sources:
Tenable Identity Exposure analyzes thoroughly LDAP and SMB traffic over your network to detect anomalies and potential threats.
Note: Active Directory (AD) allows administrators to create group policies that control settings deployed on user and machine accounts. The Group Policy Object (GPO) stores these control settings. The Sysvol folder stores GPO files on the domain controller. It is important to monitor the contents of GPOs for the security of your AD because each domain member can apply or execute them with a high level of privileges.
Shows the characteristic elements of an event such as:
|Object||Indicates the class or file extension associated with an AD object. You can search for a directory object (user, computer, etc.) or a file with a specific file name extension (ini, XML, csv).|
Indicates the full path to an AD object to identify the unique location of this object in the AD.
Indicates the directory from which the change in your AD infrastructure came.
Indicates the time of the event.