Robuta

https://www.elastic.co/docs/reference/security/prebuilt-rules/rules/windows/credential_access_dcsync_replication_rights Potential Credential Access via DCSync | Prebuilt detection rules reference This rule identifies when a User Account starts the Active Directory Replication Process. Attackers can use the DCSync technique to get credential... credential accessdetection rulespotentialviadcsync https://www.sentinelone.com/blog/active-directory-dcsync-attacks/ DCSync Attack Protection Against Active Directory dcsyncattackprotectionactivedirectory