StealthINTERCEPT

Version: StealthINTERCEPT

StealthINTERCEPT monitors and prevents unwanted and unauthorized activities in real time for Active Directory security and compliance. It inspects all Active Directory, Exchange, and file system traffic at the source, and detects malicious and unintended changes in real time to safeguard an organization's credentials and unstructured data.

Netsurion's Open XDR platform enables you to gather business intelligence providing increased security, performance, availability, and reliability of your systems.

Through alerts, knowledge base solutions, and reports, Netsurion's Open XDR platform helps you correct problems before a disastrous failure occurs.

NOTE: Currently, Netsurion's Open XDR platform supports only Active Directory monitoring by StealthINTERCEPT.
Netsurion data source integration for StealthINTERCEPT allows you to monitor the following components.

  • Security – User Authentication Failure.
  • Operation – Active Directory Activities, AD Replication Monitoring Events and LSASS Guardian Events.
  • Compliance – User Authentication Success.

Once StealthINTERCEPT is configured to deliver events to Netsurion's Open XDR platform, alerts, dashboards and reports can be configured in the platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | StealthINTERCEPT - Login Failed | This alert is generated when any user authentication failure is detected in StealthINTERCEPT. |
| Security | StealthINTERCEPT - User Account Locked Out | This alert is generated when a locked user account is detected in StealthINTERCEPT. |
| Operations | StealthINTERCEPT - User Password Changes | This alert is generated when any user password change is detected in StealthINTERCEPT. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | StealthINTERCEPT - User Authentication Failure | This report gives information on all user authentication failures detected in StealthINTERCEPT. The report contains IP address, session ID, username, email and other useful information for further analysis. |
| Operations | StealthINTERCEPT - User Authentication Success | This report gives information on all user authentication successes detected in StealthINTERCEPT. The report contains IP address, session ID, username and other useful information for further analysis. |
| Compliance | StealthINTERCEPT - Active Directory Activities | This report gives information on all Active Directory activities detected in StealthINTERCEPT. The report contains IP address, username, object modified and other useful information for further analysis. |
| Compliance | StealthINTERCEPT - LSASS Guardian Events | This report provides information related to LSASS Guardian events in StealthINTERCEPT. |
| Compliance | StealthINTERCEPT - AD Replication Monitoring Events | This report provides information related to AD replication monitoring events in StealthINTERCEPT. |

Documentation

The configuration details are consistent with Netsurion version 9.2 or later, and StealthINTERCEPT.

Download the Integration Guide and How-to Guide for more information and configuration instructions.