TestimoX

API Reference

Class

PassTheCredentialDetector

Edit on GitHub
Namespace ADPlayground.Audit
Assembly ADPlayground
Source ADPlayground/Audit/PassTheCredentialDetector.cs:15

Detects potential pass-the-credential activity using Security log events.

Inheritance

  • Object
  • PassTheCredentialDetector

Constructors

public PassTheCredentialDetector(Func<String, IEnumerable<PassTheCredentialEvent>> getEvents = null) #
ADPlayground/Audit/PassTheCredentialDetector.cs:15

Initializes a new instance of the PassTheCredentialDetector class.

Parameters

getEvents System.Func{System.String,System.Collections.Generic.IEnumerable{ADPlayground.Audit.PassTheCredentialEvent}} = null optionalposition: 0
Delegate retrieving credential logon events.

Methods

public IEnumerable<PassTheCredentialEvent> GetSuspiciousEvents(String computerName = null, Nullable<TimeSpan> observationWindow = null) #
Returns: IEnumerable<PassTheCredentialEvent>

Enumerates suspicious credential usage events on the specified computer.

Parameters

computerName System.String = null optionalposition: 0
Target computer or null for local.
observationWindow System.Nullable{System.TimeSpan} = null optionalposition: 1
Time window to correlate events.

Returns

Collection of suspicious credential events.