If you enable change detection for your Active Directory (AD) domain, Zscaler ITDR continuously monitors the AD domain for any malicious changes that could potentially introduce a new identity and privilege escalation risk. These changes are available to view on the Change Detection dashboard. You can review these changes to confirm that they are not a risk and mark them as safe by moving them to the object safelist.

About the AD Change Detection Object Safelist Page

On the AD Change Detection Object Safelist page (ITDR > Settings > AD Change Detection Object Safelist), you can do the following:

1. Select an AD domain from the Result for drop-down menu.
2. View the list of objects that are marked safe. For each object, you can view:
   • Name: The name of the user associated with the issue.
   • Associated Issue: The issue associated with the object.
   • Created On: The date when the change detection was added to the safelist.
   • Created By: The name of the user who added the change detection to the safelist.
   • Reason: The reason why the change detection was added to the safelist.
   • Expiry: The date when the object is deleted from the safelist.
3. Edit or delete an object from the safelist.