Building an Infosec IT Home Lab #8 | Monitor Active Directory Account Activity | Security Dashboard

We will monitor Active Directory accounts for activity that should alarm us when an attacker is in our environment: password resets, creation of new accounts, locked-out accounts, accounts with different password policies, and so on.

Resources that you will need

Comments

I had some trouble due to exceptions, just posting this in case it helps others: I had to enable the execution policy in PowerShell as you mentioned in the video and then I also had to unblock the file with this command (PowerShell as Administrator):

Unblock-File -Path

Then the output looked like yours, thank you again for your hard work.

Dawntouchm

I've been following this great series. Learning a lot by re-doing the ESXi pieces, then the various VM pieces between videos. Repetition is key for long-term skill retention, and VM's make that very easy. Thank you for the great info!

AnnuMakt

It's a great video. I followed your steps; however, when I reached the section to create the query, the database was listed but I'm unable to see the ad_account in the dropdown list.

richardohinds

Awesome video! If you want to ship more AD info to InfluxDB, they are adding Windows Event Viewer logs to Telegraf.

justwhyamerica

This has been a great tutorial. The only thing I've had an issue with was the fact that upon loading the Graf it seems to time out on updating the charts. Has anyone else experienced this? It appears to be the values after Disabled AD Accounts causing the issue.

cownose

I am interested to know what requirements I need to start building my own dashboards. Mainly I am following your video, but I would like to be able to innovate and create such dashboards. Do I need to learn PowerShell? Any DBs, programming languages...?

AliDouglah

I would appreciate it if you could show us how to pull AD and Snort logs, store them in Elasticsearch, and show them in Grafana.

townnine

Hi Howard, I think you can use Docker containers, which give you flexibility. Deploy Grafana, telemetry and InfluxDB Docker containers, then configure only the metrics you need. Check out Docker Hub, which has many configured and secure containers. You can also pull/push, download and reuse them. Using the CLI can be a challenge for Docker containers; you can manage them with Portainer. Thanks for your hard work.

DG-ifgs

Hello Howie, why do you install Grafana when it is already in the Security Onion VM? Is it possible to do everything in Security Onion instead?

tangoalpha

How do I add password attempts on accounts to monitor password hijacking?

amxranthine

Hi,

How can I run the securitystats script as administrator?

cnarerdemsagr

Hello, 😄

So must you restart the service each time you want to see if the value increases or decreases, or did you do that just to be sure the value would refresh instantly?

I have another question: where did you get the value, for example "-PasswordExpired).count"? Are there any websites that reference values like this? Because I want to add more than 4 values, thx 😊

Makinou
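The description above says the dashboard tracks password resets, new accounts, locked-out accounts and accounts with unusual password policies, and the comment above asks where counters such as "(... -PasswordExpired).Count" come from. The following is an added example, not the video's securitystats script, of how such counters are collected with the ActiveDirectory module (the switches come from `Get-Help Search-ADAccount -Full`) and emitted as InfluxDB line protocol for Telegraf or a direct write. The measurement name `ad_security`, the field names, and the 24-hour window are assumptions; change them to match your panels.

```powershell
# Added example, not the script from the video. Assumes the RSAT ActiveDirectory
# module is installed and the script runs on a domain-joined host as a user that
# can read the directory. Output is one InfluxDB line-protocol record.
Import-Module ActiveDirectory

# Window for "recent" events; 24 hours is an assumption, tune to your poll interval
$since = (Get-Date).AddHours(-24)

# Counter name -> query. Adding a field to the dashboard is one more entry here.
# @() forces an array so .Count is 0 or 1 when the query returns nothing or one user.
$checks = [ordered]@{
    locked_out              = { @(Search-ADAccount -LockedOut -UsersOnly).Count }
    password_expired        = { @(Search-ADAccount -PasswordExpired -UsersOnly).Count }
    disabled                = { @(Search-ADAccount -AccountDisabled -UsersOnly).Count }
    account_expired         = { @(Search-ADAccount -AccountExpired -UsersOnly).Count }
    # Enabled users whose password never expires: a policy exception worth watching
    password_never_expires  = { @(Get-ADUser -Filter 'PasswordNeverExpires -eq $true -and Enabled -eq $true').Count }
    # Accounts flagged as not requiring a password at all
    password_not_required   = { @(Get-ADUser -Filter 'PasswordNotRequired -eq $true').Count }
    # New accounts created inside the window
    created_recent          = { @(Get-ADUser -Filter { whenCreated -ge $since } -Properties whenCreated).Count }
    # Passwords set or reset inside the window
    password_set_recent     = { @(Get-ADUser -Filter { PasswordLastSet -ge $since } -Properties PasswordLastSet).Count }
}

function Get-AdSecurityLine {
    # Run every check and build "ad_security,domain=<dns domain> f1=1i,f2=0i <ns timestamp>"
    $fields = foreach ($name in $checks.Keys) {
        $value = [int](& $checks[$name])
        "$name=${value}i"          # trailing i marks an integer field in line protocol
    }
    # Tag value must not be empty or contain spaces; fall back to a placeholder
    $domain = if ($env:USERDNSDOMAIN) { $env:USERDNSDOMAIN } else { 'unknown' }
    $ts = [DateTimeOffset]::UtcNow.ToUnixTimeMilliseconds() * 1000000   # nanoseconds
    "ad_security,domain=$domain $($fields -join ',') $ts"
}

Get-AdSecurityLine
```

Telegraf's `inputs.exec` plugin with `data_format = "influx"` can run this script on an interval and forward the line to InfluxDB, which avoids restarting any service to refresh the values. As the first comment on this page notes, a script downloaded from the web must be unblocked and the execution policy must allow it before Telegraf or a scheduled task can run it.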

The ad_security measurement does not show up in my dropdown list when adding the panel.

jeremyr

Great work!! I've been following along, but I can't get Grafana to pick up the AD changes in my Windows server with the script. Any suggestion on what I might've missed?

RalphMartinez

Bro my vms are not getting internet service. Am I missing something in offense?

logicstv

Hello there. Thank you for the video, really helpful. Is there a way to create SSL for Grafana, as that might be an insecure way to access it? Thanks again.

pa

I want to see active user list. How can I do it?

testmail