Why did we develop this pack?
We believe that behind every breach headline there is an insecure Active Directory (AD) deployment. Active Directory has become a “crown jewel”, a favored target for attackers, who elevate privileges and move laterally by leveraging known flaws and misconfigurations (exposures). Unfortunately, most organizations struggle with Active Directory security because misconfigurations stack up as domains grow in complexity, leaving security teams unable to fix flaws before they become business-impacting issues.
How did we implement this pack?
With you in mind (end users and security teams), our team of Active Directory experts, security analysts and developers digitized Active Directory remediation workflows into readable playbooks that address the most common Active Directory misconfigurations and exposures.
What does this pack do?
This pack contains playbooks that execute remediation workflows, step by step, to address Active Directory misconfigurations using PowerShell commands.
You can use our playbooks for various use cases:
- Learn and set up a documented Active Directory remediation program (tracked through the XSOAR case management module)
- Execute playbooks following a manual Active Directory audit’s findings
- Execute playbooks against audit alerts found by tools like PingCastle, Tenable.AD, Semperis, Microsoft ATP for AD
- Leverage our playbooks in other workflows and use cases
- Use our playbooks to consistently enforce configuration posture across the Active Directories in your environment as a proactive Blue Team approach
- Empower your Active Directory architects and engineering team with the value of XSOAR through this pack
As part of this pack, you will also get an out-of-the-box incident type and a layout for documenting AD exposure cases. These are easily customizable to suit the needs of your organization.
For more information, visit our website: www.soarxperts.com
Keen to test it out? Download the free PingCastle pack available on the marketplace and use this pack’s automation to parse and execute a PingCastle audit report.