Configure Active Directory Monitor and Sync

Breach Secure Now's Active Directory Monitor and Sync app

Overview

The Active Directory Monitor and Sync app from Breach Secure Now provides visibility into changes made to Microsoft Active Directory user accounts in an on-premises Active Directory installation.

To monitor for changes to Azure AD accounts, please use the Office 365 Log Monitor app.

The app reports any changes that are made in the RocketCyber Console, and it can also sync those changes to Breach Secure Now.

Configuration

  1. Go to the App Store and enable the Active Directory Monitor and Sync app.

  2. Switch context to the specific customer that you want to configure. From the context switch menu at the top right, click the down arrow, then click the desired customer.

  3. From the Dashboard, click the Configure button in the lower right corner of the app card.

    1. From the Monitoring Device dropdown, choose the device that you want to run the app on. Note that this app will only run on the specified device.
    2. In the Client ID field, enter your Breach Secure Now Client ID. If you are a Breach Secure Now client and need to obtain a Client ID, contact operations@breachsecurenow.com. If you aren't a Breach Secure Now client, you can leave the field blank to monitor any changes to Active Directory without forwarding the results to Breach Secure Now.
    3. When finished, click Create to save the configuration.

How it works

The app runs on the specified target machine. Periodically, based on the value specified in the Sync Interval configuration, it checks for changes to Active Directory users.

When the app starts for the first time, you should expect to see a complete inventory of Active Directory user accounts in the results for this app. From that point forward, it only reports changes made to user accounts since the last time it ran.

Reset Button

The app maintains a local cache of account activity. If you find that this cache needs to be reset, click the Reset button on the Active Directory Monitor and Sync app card. This sends a message to the device running the app to clear the cache and rescan Active Directory for user accounts.
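
The first-run inventory, change-only reporting and Reset behaviour described above, shown as an added Python example. This is not the app's own code: the page does not describe the app's cache format, so the JSON cache file, the `UserChangeTracker` class and the `enabled` attribute are assumptions made for the illustration.

```python
# Added illustration, not Breach Secure Now or RocketCyber code.
# The attribute names and the JSON cache file are assumptions.
import json
import os
import tempfile


class UserChangeTracker:
    """Full inventory on the first run, then only changes since the last run."""

    def __init__(self, cache_path):
        self.cache_path = cache_path

    def run(self, snapshot):
        """snapshot maps an account name to a dict of its attributes."""
        cached = None  # stays None on first run or after a reset
        if os.path.exists(self.cache_path):
            with open(self.cache_path, encoding="utf-8") as fh:
                cached = json.load(fh)
        if cached is None:
            events = [("inventory", name) for name in sorted(snapshot)]
        else:
            events = [("added", n) for n in sorted(snapshot.keys() - cached.keys())]
            events += [("removed", n) for n in sorted(cached.keys() - snapshot.keys())]
            for n in sorted(snapshot.keys() & cached.keys()):
                keys = snapshot[n].keys() | cached[n].keys()
                changed = sorted(k for k in keys if snapshot[n].get(k) != cached[n].get(k))
                if changed:
                    events.append(("modified", n, changed))
        with open(self.cache_path, "w", encoding="utf-8") as fh:
            json.dump(snapshot, fh)  # this run becomes the next baseline
        return events

    def reset(self):
        """Clear the cache so the next run re-reports every account."""
        if os.path.exists(self.cache_path):
            os.remove(self.cache_path)


def demo():
    # Constructed sample accounts, not real data.
    first = {"alice": {"enabled": True}, "bob": {"enabled": True}}
    second = {"alice": {"enabled": False}, "carol": {"enabled": True}}
    with tempfile.TemporaryDirectory() as tmp:
        tracker = UserChangeTracker(os.path.join(tmp, "cache.json"))
        runs = [tracker.run(first), tracker.run(second), tracker.run(second)]
        tracker.reset()
        runs.append(tracker.run(second))
    return runs
```

`demo()` returns the events from four runs: the initial inventory, the changes between the two snapshots, an empty list when nothing changed, and a fresh full inventory after the reset.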