Microsoft Defender Reporting Successful Login Attempts

Question

Microsoft Defender Reporting Successful Login Attempts

ikspozd opened this issue a year ago · 4 comments

Hello,

Does SharpHound.ps1 attempt to log into workstations when querying AD?

Thanks

Answer 1 · 2023-10-31T14:45:44.000Z

Workstation logons will be attempted only if you are enumerating local group memberships and/or sessions. These will be non-interactive logons.

Answer 2 · 2023-10-31T14:56:14.000Z

@StephenHinck is there a way to disable that feature?

Answer 3 · 2023-10-31T14:58:33.000Z

If you choose not to use those collection methods, it will not be attempted. You'd want to avoid methods such as All, ComputerOnly, Session, LoggedOn, etc

See: https://support.bloodhoundenterprise.io/hc/en-us/articles/17481375424795-All-SharpHound-Community-Edition-Flags-Explained

Answer 4 · 2023-10-31T15:14:20.000Z

Excellent thanks!