Forum Discussion
Sensitive groups
The group in question (as a test) was not one that normally gets modified at all... in fact it has probably not been modified for 12 months, by anyone previously.
Yes, was aware of the report... and there is NOTHING at all in the report, which actually would be more useful to me than a console alert. Why would it not show in the report? Yes, auditing for group membership is enabled, and yes, it shows on the event log.
Which domain group was it?
Keep in mind that in 1.8.* we are using a closed list of groups defined as sensitive.
In a future version you will be able to tag for yourself which groups are sensitive for you.
- StuartH . Jan 28, 2018 Brass Contributor
?? But we are talking ATP here, not ATA. There is already a list of sensitive groups that you can choose to "monitor", and whilst I have added things like Domain Admins and Enterprise Admins (which get changed very infrequently), I added a test group so we could see what the report and behaviour was like. Whilst I have not tried removing or adding folks to DA and EA (our auditors would not be happy with that, and I am not about to raise a change record just for that), it should certainly evaluate the group I have added, surely?
- EliOfek Jan 28, 2018
Microsoft
Sorry, got confused with another thread.
In AATP, you can tag the entities, so it seems your gap is that you need to have at least 10 weeks of learning period.
- StuartH . Jan 28, 2018 Brass Contributor
10 weeks of learning, for what exactly? To say that someone "unusual" has modified the group membership? If this is 10 weeks to appear in the report, it is pretty useless, don't you think? What would be the point of that?