Deployment guide included. Field mappings documented. No senior detection engineer needed.
Every query tagged to technique IDs. Accepted as compliance evidence by auditors.
Single-org use. No open-source legal risk. Procurement-friendly.
6 NDJSON AD threat detection rules mapped to MITRE T1558/T1078/T1087, CIS v8, ISO A.5.15, NIST AC-2
Production-ready Active Directory threat detection for Elastic SIEM. Deploy in under 2 hours.
One-time purchase, no subscription
Six Elastic SIEM detection rule files targeting Active Directory attacks including Kerberoasting, AS-REP Roasting, golden and silver ticket forgery, DCSync, password spray, privileged group modification, and pass-the-hash/pass-the-ticket lateral movement. Mapped to MITRE ATT&CK T1558, T1078, T1087 with CIS v8 Section 5, ISO A.5.15, and NIST AC-2 compliance references.
Needs Active Directory threat detection live today, not after days of query development.
Wants tested, documented queries they can review and deploy immediately.
Deploys Active Directory threat detection across multiple clients. Saves days per engagement.
Needs MITRE ATT&CK evidence and framework-mapped detection for auditors.
Deployment guides cover current versions. Field mapping notes help adapt to your specific data schema.
No. The deployment guide is written for a mid-level SOC analyst. Most customers are live in under 2 hours.
Yes: all queries are plain text. Edit field names, thresholds, and logic in Elastic SIEM directly.
Yes: create a free account and download a sample PDF to review content before purchasing.
Single-organisation commercial license. Use across your team. Redistribution prohibited.
Yes: one year of free updates included.
Use code LAUNCH20 for 20% off
All sales final: no refunds on digital downloads