About the Active Directory Custom Change Detection Dashboard
Zscaler ITDR allows you to customize the active changes you want to detect and monitor in an Active Directory (AD) domain. You can detect and monitor active changes in the following AD properties for each identity type:
- Users: Access-control lists (ACLs), passwords, and group membership properties.
- Groups: ACLs, members, and group membership properties.
- Computers: ACLs and group membership properties.
To view the change detection data for AD properties, you must configure a change detection policy. After the policy is deployed, the specific AD domain is scanned every 15 minutes. Two scans are required to detect changes in AD properties. The first scan creates the base results. If any changes are detected in the second scan, the changes are recorded and compared with the base results. The resulting changes are displayed on the Custom Change Detection dashboard for further analysis.
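The two-scan comparison described above, sketched as an added example (this is not Zscaler's code). The AD attribute names, the sample scans, the policy name, and the choice to skip identities that have no base result are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Monitored properties per identity type, as listed on this page. The AD
# attribute names they map to are assumptions made for this example.
MONITORED = {
    "User": {"ACLs": "nTSecurityDescriptor", "Password": "pwdLastSet",
             "Group membership": "memberOf"},
    "Group": {"ACLs": "nTSecurityDescriptor", "Members": "member",
              "Group membership": "memberOf"},
    "Computer": {"ACLs": "nTSecurityDescriptor", "Group membership": "memberOf"},
}

def _norm(value):
    # Multi-valued attributes compare as sets, so reordering is not a change.
    return frozenset(value) if isinstance(value, (list, tuple, set)) else value

def diff_scans(base, current, policy_name, scanned_at):
    """Compare a later scan with the base results; return dashboard-style rows."""
    rows = []
    for identity, cur in sorted(current.items()):
        old = base.get(identity)
        if old is None or old["type"] != cur["type"]:
            continue  # assumption: no base result yet means nothing to compare
        changed = [label for label, attr in MONITORED[cur["type"]].items()
                   if _norm(old.get(attr)) != _norm(cur.get(attr))]
        if changed:
            rows.append({"Change Date": scanned_at.isoformat(),
                         "Identity": identity, "Policy Name": policy_name,
                         "Identity Type": cur["type"],
                         "Changed Properties": changed})
    return rows

# Constructed sample scans (not real directory data); ACL values are opaque.
BASE = {
    "alice": {"type": "User", "nTSecurityDescriptor": "acl-1",
              "pwdLastSet": 1000, "memberOf": ["Sales"]},
    "Helpdesk": {"type": "Group", "nTSecurityDescriptor": "acl-1",
                 "member": ["alice", "bob"], "memberOf": []},
    "WS01": {"type": "Computer", "nTSecurityDescriptor": "acl-1",
             "memberOf": ["Workstations"]},
}
SECOND = {
    "alice": {**BASE["alice"], "pwdLastSet": 2000,
              "memberOf": ["Sales", "Domain Admins"]},
    "Helpdesk": {**BASE["Helpdesk"], "member": ["bob", "alice"]},  # reordered only
    "WS01": {**BASE["WS01"], "nTSecurityDescriptor": "acl-2"},
    "mallory": {"type": "User", "pwdLastSet": 5, "memberOf": []},  # no base result
}
SCANNED_AT = datetime(2024, 1, 1, 0, 15, tzinfo=timezone.utc)  # 15 min after base
ROWS = diff_scans(BASE, SECOND, "example-policy", SCANNED_AT)
```

In this sketch, an identity first seen in the second scan produces no row until a later scan has a base result to compare against.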
The AD Custom Change Detection dashboard provides the following benefits:
- Allows you to monitor and analyze changes to important AD properties.
- Monitors critical AD identity properties for changes and sends email notifications about these changes.
- Improves the security posture of your AD domain.
About the AD Custom Change Detection Dashboard
On the AD Custom Change Detection dashboard (ITDR > Dashboard > Change Detection > Custom), you can do the following:
- Filter change data by an AD domain.
- Copy specific columns from the table.
- View change data for the AD properties. For each change, you can view:
  - Change Date: The date and time when a change is detected in AD properties.
  - Identity: The name of the AD user account, group, or computer. You can filter the column to view data for a specific identity.
  - Policy Name: The name of the AD change detection policy. You can filter the column to view data for a specific policy.
  - Identity Type: The type of AD identity (User, Computer, or Group). You can filter the column to view data for a specific identity type.
  - Changed Properties: The AD properties that are changed.
- View the history of AD property change details.
- Delete an AD property change.