Indicators of Attack and the Active Directory

Required license: Indicators of Attack

Indicators of attack provide a reactive approach to detecting an attack in real time. Three sources of information are used to detect security incidents:

  • Your Active Directory database

  • The SYSVOL shared folder

  • The Event Tracing for Windows (ETW) engine: the insertion strings associated with the event IDs are collected and processed to determine whether or not the events represent an attack.

For more information, see Install Indicators of Attack.
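How insertion strings tied to an event ID can be turned into a detection, as an added example that is not Tenable's code. It assumes events exported as Windows event XML; the rule (one source address failing logons, event ID 4625, against several accounts), the function names and the sample events are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Namespace of the Windows event XML schema.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def insertion_strings(event_xml):
    """Return (event_id, {name: value}) for one event record.

    In event XML the insertion strings are the <Data> children of <EventData>.
    """
    root = ET.fromstring(event_xml)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "")
            for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, data

def spray_suspects(events_xml, threshold=3):
    """Hypothetical rule: a source address with failed logons (4625)
    against at least `threshold` distinct accounts is flagged."""
    targets = defaultdict(set)
    for record in events_xml:
        event_id, data = insertion_strings(record)
        if event_id != 4625:
            continue                      # only failed logons feed this rule
        ip = data.get("IpAddress", "-")
        if ip in ("", "-"):
            continue                      # no network source recorded
        targets[ip].add(data.get("TargetUserName", "").lower())
    return {ip: sorted(users) for ip, users in targets.items()
            if len(users) >= threshold}

def _event(event_id, **fields):
    """Build a constructed sample record; real records carry more fields."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{data}</EventData></Event>')

# Constructed sample input (documentation address ranges, made-up accounts).
SAMPLE = [
    _event(4625, TargetUserName="alice", IpAddress="192.0.2.10"),
    _event(4625, TargetUserName="bob", IpAddress="192.0.2.10"),
    _event(4625, TargetUserName="carol", IpAddress="192.0.2.10"),
    _event(4625, TargetUserName="Alice", IpAddress="192.0.2.10"),
    _event(4625, TargetUserName="dave", IpAddress="198.51.100.7"),
    _event(4624, TargetUserName="erin", IpAddress="192.0.2.10"),
    _event(4625, TargetUserName="frank", IpAddress="-"),
]

if __name__ == "__main__":
    print(spray_suspects(SAMPLE))
```
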

Indicators of Attack

Note: The documentation for Indicators of Attack has moved to the Tenable downloads portal. For a complete list of Indicators of Attack and their implementation, see the Indicators of Attack Reference Guide in the Tenable downloads portal.