Today we created a dynamic list of privileged AD users using an LDAP query. We are creating an access control rule for our client’s applications. The next step is to add the application data sources into LogRhythm.
We had a meeting with the SAIR team (ethical hackers), and we went through the client’s application network structure and identified the different types of systems and the types of data they are housing or accessing. From there we determined all the different types of scenarios that a hacker would use to gain access to the data. The next step is to create correlation rules to protect these systems.