API Reference
Class
KerberosEventLogParser
Parses Kerberos ticket-related security log events and provides analysis helpers.
Inheritance
- Object
- KerberosEventLogParser
Remarks
See usage examples in the unit tests for typical scenarios.
Constructors
public KerberosEventLogParser(Func<String, IEnumerable<KerberosTicketEvent>> readEvents = null)
Initializes a new instance of the KerberosEventLogParser class.
Parameters
- readEvents System.Func{System.String,System.Collections.Generic.IEnumerable{ADPlayground.KerberosTicketEvent}} = null
- Optional delegate used to retrieve events.
Methods
public IEnumerable<KerberosTicketEvent> Audit(String computerName = null)
Returns: IEnumerable<KerberosTicketEvent>
Logs warnings for events using weak encryption or having long lifetimes and returns those events for additional analysis.
Parameters
- computerName System.String = null
- Target computer or null for local.
Returns
Collection of events that used weak encryption or had long lifetimes.
public static IEnumerable<KerberosTicketEvent> FilterLongLifetimes(IEnumerable<KerberosTicketEvent> events, TimeSpan threshold)
Returns: IEnumerable<KerberosTicketEvent>
Filters events with ticket lifetimes exceeding the provided threshold.
Parameters
- events System.Collections.Generic.IEnumerable{ADPlayground.KerberosTicketEvent}
- threshold System.TimeSpan
public static IEnumerable<KerberosTicketEvent> FilterWeakEncryption(IEnumerable<KerberosTicketEvent> events)
Returns: IEnumerable<KerberosTicketEvent>
Filters events using weak encryption algorithms.
Parameters
- events System.Collections.Generic.IEnumerable{ADPlayground.KerberosTicketEvent}
public IEnumerable<KerberosTicketEvent> GetEvents(String computerName = null)
Returns: IEnumerable<KerberosTicketEvent>
Reads Kerberos ticket events from the Security log of the specified computer.
Parameters
- computerName System.String = null
- Remote computer or null for local.
Returns
Collection of ticket events.
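Usage example
The following example is added here and is not taken from the ADPlayground project or its unit tests. It reads ticket events from each listed domain controller with GetEvents, then counts what FilterWeakEncryption and FilterLongLifetimes return, treating an unreadable log as a coverage gap. The host names, the 10-hour threshold and the assumption that the parser lives in the ADPlayground namespace are choices made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using ADPlayground; // assumption: the parser shares the namespace of KerberosTicketEvent

internal static class KerberosTicketSweep
{
    // Chosen for this example: 10 hours matches the default "Maximum lifetime
    // for user ticket" Kerberos policy. Set it to your own domain's policy value.
    private static readonly TimeSpan MaxExpectedLifetime = TimeSpan.FromHours(10);

    private static void Main(string[] args)
    {
        // Hypothetical host names; pass your own domain controllers as arguments.
        string[] domainControllers = args.Length > 0
            ? args
            : new[] { "dc01.example.test", "dc02.example.test" };

        var parser = new KerberosEventLogParser();
        int exitCode = 0;

        foreach (string dc in domainControllers)
        {
            List<KerberosTicketEvent> events;
            try
            {
                // Materialize once so both filters run over the same snapshot.
                events = parser.GetEvents(dc).ToList();
            }
            catch (Exception ex)
            {
                // An unreadable Security log means this DC was not checked;
                // report it separately instead of counting it as clean.
                Console.Error.WriteLine($"{dc}: could not read events ({ex.GetType().Name}: {ex.Message})");
                exitCode = 2;
                continue;
            }

            int weak = KerberosEventLogParser.FilterWeakEncryption(events).Count();
            int longLived = KerberosEventLogParser.FilterLongLifetimes(events, MaxExpectedLifetime).Count();

            Console.WriteLine($"{dc}: {events.Count} ticket events, {weak} weak-encryption, " +
                              $"{longLived} longer than {MaxExpectedLifetime.TotalHours}h");
            if (weak > 0 || longLived > 0) exitCode = Math.Max(exitCode, 1);
        }

        // 0 = nothing flagged, 1 = findings, 2 = at least one DC could not be read.
        Environment.ExitCode = exitCode;
    }
}
```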