In a previous post, we looked at how user behavior analytics (UBA) in ADAudit Plus lets administrators examine user login patterns to identify compromised accounts. UBA in ADAudit Plus also monitors atypical processes on member servers, which strengthens defenses against external threats. In this post, we show how organizations can easily monitor processes that start on member servers for the first time.
Monitoring Unusual Processes on Server Hosts
Picture a scenario in which an employee inadvertently clicks a malicious link and downloads malware that starts encrypting data and then spreads across the network. Soon after the malicious program is downloaded, the UBA solution in ADAudit Plus detects a new process on the member servers and triggers an alert. At the same time, it detects an abnormally high volume of file modifications associated with the process and immediately notifies the administrator.
Detecting such intrusions quickly speeds up mitigation and limits the potential impact.
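The scenario above combines two signals: a process that a server has never run before, and an unusually high number of file modifications by that process. The following Python example is added here to illustrate that logic; it is not ADAudit Plus code or its actual algorithm, and the event tuples, process names, and `mod_threshold` value are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample events, not real logs: (host, process, action), where
# action is "start" (process creation) or "modify" (file modified by process).
HISTORY = [
    ("SRV01", "sqlservr.exe", "start"),
    ("SRV01", "backup.exe", "start"),
    ("SRV02", "w3wp.exe", "start"),
]
WINDOW = (
    [("SRV01", "backup.exe", "start"), ("SRV01", "backup.exe", "modify"),
     ("SRV02", "backup.exe", "start"),      # known on SRV01, new on SRV02
     ("SRV01", "invoice_view.exe", "start")]
    + [("SRV01", "invoice_view.exe", "modify")] * 40
)

def build_baseline(events):
    """Map each host to the set of process names it has started before."""
    seen = defaultdict(set)
    for host, proc, action in events:
        if action == "start":
            seen[host].add(proc)
    return seen

def detect(baseline, events, mod_threshold=25):
    """Return alerts for first-seen processes and heavy file modification.

    mod_threshold is an assumed per-window limit, not a product setting.
    """
    seen = {host: set(procs) for host, procs in baseline.items()}
    mods = Counter()
    alerts = []
    for host, proc, action in events:
        if action == "start" and proc not in seen.setdefault(host, set()):
            seen[host].add(proc)              # alert once per host/process
            alerts.append(("new_process", host, proc))
        elif action == "modify":
            mods[(host, proc)] += 1
            if mods[(host, proc)] == mod_threshold + 1:  # fire once, on crossing
                alerts.append(("high_file_modifications", host, proc))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_baseline(HISTORY), WINDOW):
        print(alert)
```

The baseline is kept per host, so a process that is routine on one server still raises an alert the first time it starts on another.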
To monitor atypical processes on a server host with ADAudit Plus:
- Log in to ADAudit Plus.
- Go to the Analytics section and select Unusual Process Activity.
- To view the report of processes started on the host for the first time, select “New process on the server.”
A report of unusual processes on a server host is useful, but administrators often do not have time to review such reports thoroughly. Alerts address this problem. By default, UBA alerts are sent by email; they can also be configured to be sent by SMS.
To customize alert profiles:
- Open the Configuration tab in ADAudit Plus.
- Go to Alert Profiles > View/Modify Alert Profiles and select the relevant profile.
- Click Configure to modify the alert profile. Here, the notification preferences can be set to email, SMS, or both.
- Click Update to save the changes.
Once these settings are configured, administrators will start receiving alerts about any anomalous processes observed on a server host.
In Summary
The UBA engine in ADAudit Plus promptly notifies administrators whenever a process starts for the first time on a member server. Using historical process data, the analytics engine examines ongoing processes for signs of irregularity. As a result, the first start of a process on a server host triggers an alert that is sent promptly to the administrator. If you would like more information, contact us and we will gladly help with any questions. Explore additional information about SanaTechGs and ManageEngine. For additional tips, visit our blog.