Forum Discussion
rob_wood_8894
Apr 26, 2022
Brass Contributor
Filtering OUs/Users
Hello, I am a newbie in the world of MDI, and on the project I've just joined the end client has a requirement to protect a group of sensitive users housed in an OU in a child domain. There is a ...
- May 19, 2022
It does, but it has some latency.
Just want to make sure you understand that even if you can "make it work" "good enough" now,
no one promises you that it will stay like that over time, as it is not designed with such an approach in mind. A future code change might change things.
I still think that there could be cases where such data will be displayed even if not resolved properly.
EliOfek
Microsoft
Apr 26, 2022
No, while you might be able to block MDI from syncing those users directly from AD,
you can't stop it from capturing its traffic. The sensor might still see those samNames, display names, etc., only it won't be able to fully resolve them to the AD entity. This will hurt detection, but won't keep those entities completely anonymized.
What is the reason for this? What is the exact risk they are trying to overcome?
How does it make sense to limit detection on some users? Won't that make them a goldmine for adversaries?