Set up the sentinelone integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect when Ntdsutil is used in a suspicious manner, typically to access the Ntds.dit file.
Strategy
Threat actors are known to utilize tools found natively in a victim’s environment to accomplish their objectives. Ntdsutil, a legitimate Windows binary, has been abused by malicious actors in the past to gain access to the Ntds.dit file.
Triage and response
- Identify if the usage of Ntdsutil is authorized, and confirm if the
Ntds.dit file was downloaded. - If it’s not authorized, isolate the host from the network.
- Follow your organization’s internal processes for investigating and remediating compromised systems.
