Change Auditor for Logon Activity enhances Active Directory security by tracking logon/logoff events, detecting vulnerabilities like Golden Ticket attacks, and providing real-time reports on user authentication.
Vendor: Quest

Change Auditor for Logon Activity is a robust tool for auditing and securing Active Directory and Azure AD environments. It provides detailed user login and logoff tracking, detecting authentication vulnerabilities, including Kerberos exploits (Golden Ticket) and insecure NTLM authentication. This solution captures, alerts, and generates reports on login events across on-premises AD and cloud environments (Azure AD), helping organizations stay compliant and secure. With features like real-time alerts, integration with SIEM platforms, and comprehensive reporting for regulatory standards (GDPR, PCI DSS, HIPAA), it ensures complete visibility into authentication activity, enabling quick response to suspicious behavior.
Features:
- Golden Ticket Detection: Identifies and alerts on Kerberos vulnerabilities used in pass-the-ticket attacks.
- NTLM Authentication Auditing: Tracks NTLM usage and detects less secure applications.
- Hybrid Security Awareness: Monitors AD logins alongside Azure AD sign-ins to spot suspicious activities across hybrid cloud environments.
- Real-Time Alerts: Sends critical login event notifications to mobile and email.
- SIEM Integration: Integrates with platforms like Splunk and Sentinel.
- Comprehensive Reporting: Generates auditor-ready reports for compliance with GDPR, HIPAA, SOX, PCI DSS, and more.
- Threat Timelines: Offers a chronological view of logon events for better forensic analysis.
- Hybrid Audit Dashboard: Combines data from AD, Azure AD, and Office 365 for an integrated security view.