StealthINTERCEPT

Version: StealthINTERCEPT

StealthINTERCEPT monitors and prevents unwanted and unauthorized activities in real time for Active Directory security and compliance. It inspects all Active Directory, Exchange, and file system traffic at the source and detects malicious and unintended changes in real time to safeguard an organization's credentials and unstructured data.

Netsurion Open XDR enables you to gather business intelligence providing increased security, performance, availability, and reliability of your systems.

Through alerts, knowledge base solutions, and reports, Netsurion Open XDR helps you correct problems before a disastrous failure occurs.

NOTE: Currently Netsurion Open XDR supports only Active Directory monitoring by StealthINTERCEPT.

The Netsurion data source integration for StealthINTERCEPT allows you to monitor the following components:

  • Security – User Authentication Failure.
  • Operation – Active Directory Activities, AD Replication Monitoring Events, and LSASS Guardian Events.
  • Compliance – User Authentication Success.

Once StealthINTERCEPT is configured to deliver events to Netsurion Open XDR, alerts, dashboards, and reports can be configured in Netsurion Open XDR.

The following key Data Source Integration items are available in Netsurion Open XDR.

Alerts

Type | Name | Description
Security | StealthINTERCEPT – Login Failed | This alert is generated when any user authentication failure is detected in StealthINTERCEPT.
Security | StealthINTERCEPT – User Account Locked Out | This alert is generated when a locked user account is detected in StealthINTERCEPT.
Operations | StealthINTERCEPT – User Password Changes | This alert is generated when any user password change is detected in StealthINTERCEPT.

Reports

Type | Name | Description
Security | StealthINTERCEPT – User Authentication Failure | This report gives information about all user authentication failures detected in StealthINTERCEPT. The report contains the IP address, session ID, username, email, and other useful information for further analysis.
Operations | StealthINTERCEPT – User Authentication Success | This report gives information about all user authentication successes detected in StealthINTERCEPT. The report contains the IP address, session ID, username, and other useful information for further analysis.
Compliance | StealthINTERCEPT – Active Directory Activities | This report gives information about all Active Directory activities detected in StealthINTERCEPT. The report contains the IP address, username, object modified, and other useful information for further analysis.
Compliance | StealthINTERCEPT – LSASS Guardian Events | This report provides information related to LSASS Guardian events in StealthINTERCEPT.
Compliance | StealthINTERCEPT – AD Replication Monitoring Events | This report provides information related to AD replication monitoring events in StealthINTERCEPT.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.2 or later, and StealthINTERCEPT.

Download the Integration Guide and the How-to Guide for configuration instructions and more information.