Service accounts tracker for Kibana

Service accounts is a necessary evil in every company of any size. Service accounts mostly unpersonalized, shared, privileged, with non expired passwords. This is a big challenge for any compliance. You can’t just prohibit service accounts operation, disable them or ignore this problem. And first step on the way of the situation improvement is to start tracking of Service accounts usage. You already have all necessary information for that in your SIEM. You just need to download and install “Service Accounts Tracker” Use Case that processes this information and visualize it in simple and actionable way.
Here how it looks like -


Link for more info - https://my.socprime.com/en/integrations/service-accounts-tracker-kibana

It's not entirely clear what this is about.

Is it a plugin? It is only for Kibana 5.X? Is it free? What does it integrate with?

Hi, thanks for your questions.

  1. Yes, it is a plugin.
  2. For Kibana 6.1 or higher.
  3. You can download it for free after the registration at https://tdm.socprime.com
  4. It works with any events which contain information about source or destination user names in CEF format.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.