https://www.elastic.co/docs/reference/security/prebuilt-rules/rules/windows/credential_access_dcsync_replication_rights
Potential Credential Access via DCSync | Prebuilt detection rules reference
This rule identifies when a User Account starts the Active Directory Replication Process. Attackers can use the DCSync technique to get credential...
credential accessdetection rulespotentialviadcsync
https://www.sentinelone.com/blog/active-directory-dcsync-attacks/
DCSync Attack Protection Against Active Directory
dcsyncattackprotectionactivedirectory