
Develop detection logics for the following use cases:

The given use cases can be addressed by forming detection logic for each of them.
1. Detecting a login attempt using a disabled/locked user account on a Windows server:

Login attempts are events that a device always records as logs, for audit and other
purposes. In the given situation, an attacker uses a disabled/locked user account to
access the Windows server. For this situation, I present the following possibilities
for detecting it.
• By using the logs of Active Directory, which controls the authentication and
authorization of users throughout a Windows domain network. Active Directory checks
the submitted username and password and determines whether the user is a system
administrator or a normal user.

• By maintaining a log that holds the details of the accounts that have been
locked/disabled, so that any access attempt by a locked/disabled account is flagged
and reported as a threat.
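[Flowchart: the login attempt is checked against the log of disabled users. Branch "If the given user is not found in the log of disabled users" leads to "Free to access"; the other branch is "If the given user is found in the log of disabled users".]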

In this process, the infrastructure or management maintains the log of the users that it
has locked/disabled for its own security purposes. Hence only the accounts disabled by
that specific infrastructure can be identified and detected.
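
The check described above, as an added example that is not part of the original answer: each login event is compared against the maintained list of disabled/locked accounts. It goes one step beyond the text by also reading the failure code Windows records in the Status/Sub Status fields of Security event 4625, which catches accounts that are missing from the list. The watchlist, the CSV export layout and every log line are constructed assumptions.

```python
import csv
import io

# Constructed watchlist of accounts the organization has disabled or locked.
DISABLED_OR_LOCKED = {"jsmith", "svc_backup"}

# Failure codes Windows records in the Status/Sub Status fields of event 4625.
FAILURE_CODES = {"0xc0000072": "account disabled",
                 "0xc0000234": "account locked out"}

# Constructed sample export: time, event_id, account, source_ip, failure_code
SAMPLE_LOG = """\
2024-05-01T09:00:01Z,4624,alice,10.0.0.11,
2024-05-01T09:02:17Z,4625,CORP\\JSmith,10.0.0.23,0xC0000072
2024-05-01T09:03:40Z,4625,bob,10.0.0.12,0xC000006A
2024-05-01T09:05:02Z,4625,svc_backup@corp.example,10.0.0.40,0xC0000234
2024-05-01T09:06:30Z,4625,olduser,10.0.0.41,0xC0000072
"""

def normalize(account):
    """Reduce DOMAIN\\user and user@domain forms to a lowercase bare name."""
    name = account.strip().split("\\")[-1]
    return name.split("@")[0].lower()

def detect(log_text, watchlist=DISABLED_OR_LOCKED):
    """Return one alert per login attempt made with a disabled/locked account."""
    alerts = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed lines instead of failing the whole run
        when, event_id, account, source, code = (f.strip() for f in row)
        user = normalize(account)
        reasons = []
        if user in watchlist:
            reasons.append("on disabled/locked list")
        if event_id == "4625" and code.lower() in FAILURE_CODES:
            reasons.append(FAILURE_CODES[code.lower()])
        if reasons:
            alerts.append({"time": when, "user": user, "source": source,
                           "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The "olduser" line is flagged only through the failure code, which shows the limitation stated above: a list-only check misses accounts that were disabled without being added to the list.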

2.
