Start Demo

The Platform

For Security

For Cloud

For IT Ops

More

Start the Democaret-right

Contact Uscaret-right
caret-left Back

ExtraHop Reveal(x)

Cloud-native visibility, detection, and
response for the hybrid enterprise.

Reveal(x) 360

SaaS-based network detection
and response.

Learn More

How It Workscaret-right

Reveal(x) Enterprise

Self-managed network detection
and response.

Learn More

How It Workscaret-right
caret-left Back

For Security

Protect and scale your business with complete visibility, real-time threat detections, and intelligent response.

Learn More

Threat Detection and Response

Secure Decryption

Enterprise IoT Security

Secure Remote Access & Availability

Hygiene and Compliance

SecOps and NetOps Integration
caret-left Back

For Cloud

Secure rapid cloud adoption and maintain control of applications, workloads, and data in cloud or multi-cloud environments.

Learn More

Security for AWS

Security for Azure

Security for Google Cloud

Hybrid Security

Secure Remote Access & Availability

Shared Responsibility Assurance
caret-left Back

For IT Ops

Boost NOC/SOC collaboration and ensure availability and performance across your hybrid enterprise.

Learn More

Secure Remote Access & Availability

SecOps and NetOps Integration

Triage and Troubleshooting

Customer Experience Monitoring

Commercial Application Visibility

Monitoring Virtualization and SDN
caret-left Back

Customers

Partners

Resources

About Us

Blogcaret-right
caret-left Back

Customers

Customer resources, training,
case studies, and more.

Visit Customer Portal

Support

Professional Services

Training

Solution Bundles Gallery

Community Forums

caret-left Back

Partners

Partner resources and information about our channel and technology partners.

Visit Partner Portal

Channel Partner Program

Find a Technology Partner

Become a Partner

caret-left Back

Resources

Find white papers, reports, datasheets, and more by exploring our full resource archive.

All Resources

Customer Stories

Protocol Library

Documentation

Firmware

Training Videos

caret-left Back

About Us

See what sets ExtraHop apart, from our innovative approach to our corporate culture.

Learn More

The ExtraHop Difference

What Is Cloud-Native?

Careers

Newsroom

Upcoming Webinars and Events

Back Arrow Bundle Library

Kerberos Threat Detection

Description

This bundle finds weak encryption algorithms in Kerberos connections, tracks usage of Kerberos services, and detects forged ticket-granting tickets (TGTs) that might allow attackers to escalate privileges or access Kerberos services.

Kerberos Threat Detection Dashboard

Note: The bundle might report false positives for forged tickets while the bundle initially caches tickets. By default, the trigger caches tickets for 24 hours, but this value can be changed to match your Kerberos ticket renewal time policy by modifying the renewal_time variable in the Kerberos Threat Detection trigger.

Bundle Contents

  • (1) Trigger
    • Kerberos Threat Detection
  • (1) Dashboard
    • Kerberos Threat Detection
  • (1) Dynamic Group
    • Kerberos Clients

Requirements

ExtraHop version 6.2.4 or later

Installation Instructions

Installation Instructions 1. Download the bundle on this page 2. Log into the ExtraHop Web UI and complete the following procedures: * Upload and apply a bundle - When applying the bundle, check the Apply included assignments checkbox. * In the Kerberos Attack Detection trigger, set the renewal_time variable to your Kerberos ticket renewal time setting before enabling the trigger.

+

ExtraHop uses cookies to improve your online experience. By using this website, you consent to the use of cookies. Learn More