Here's a preview of the results of my experiment with loading data from the Sentinel "DeviceLogonEvents" into Adalanche. Instant success - here's an AD account that promiscuously logs in to *every* machine it finds once in a while. It's a member of Domain Admins, and not a member of Protected Users. What could possibly go wrong? If you're using SCCM push accounts incorrectly, this can look the same. Customer confirmed, and fixed it right away. Adalanche FTW! #activedirectory #adalanche
@lkarlslund Nice tool! Just checked it out and saw some potential for it. Have to check out those Sentinel combinations too. Thanks for this tip!
@paw thanks, it's not a part of the open source edition, and right now it's just an experiment. There's endless stuff to add, but I need to make sure it makes sense first.
@lkarlslund I have to keep my eyes open then! ;)
@lkarlslund You had my interest, but now you have my attention. Graph visualization of Sentinel data interests me.
@FritzAdalis graphing all kinds of data sources into Adalanche interests me. There's so much more than AD ACLs ... this gives a view of "if someone pwns a box, can they wait it out and get interesting credentials"