Talk With an Expert

Continuous Security Monitoring in non-Active Directory Environments

Continuous Security Monitoring in non-Active Directory Environments (PDF, 2.45MB)Published: 20 Feb, 2019
Created by:
Blair Gillam

Active Directory-centric monitoring techniques, tools, and methodologies have dominated information security conferences in recent years. Many alternative centralized directory services, including FreeIPA and OpenLDAP, are found in modern enterprises. Diagnostic and performance monitoring for these alternatives is well documented; however, security-related events can be recorded in different formats and multiple locations across both directory servers and clients. This paper investigates continuous security monitoring techniques for FreeIPA that can be leveraged by defenders to analyze and visualize common directory service security events in non-Active Directory environments. It explores change detection rules that can be applied at the user, group, and directory levels and presents example security metrics for detecting anomalous activity.