Start Demo

The Platform

Solutions

Customers

Partners

Blog

More

Start the Democaret-right

Contact Uscaret-right
caret-left Back

ExtraHop
Reveal(x) 360

Cloud-native visibility, detection, and response
for the hybrid enterprise.

Learn More

How It Works

Competitive Comparison

Integrations and Automations

Cybersecurity Services

What is Network Detection and Response (NDR)?

Cloud-Native Security Solutions

Reveal(x) Enterprise: Self-Managed NDR
caret-left Back

Solutions

Learn More

Security

Cloud

IT Ops

Use Cases

Explore By Industry Vertical
caret-left Back

Customers

Customer resources, training,
case studies, and more.

Learn More

Customer Portal Login

Cybersecurity Services

Training

ExtraHop Support
caret-left Back

Partners

Partner resources and information about our channel and technology partners.

Learn More

Channel Partners

Integrations and Automations

Partners
caret-left Back

Blog

Learn More
caret-left Back

About Us

News & Events

Careers

Resources

caret-left Back

About Us

See what sets ExtraHop apart, from our innovative approach to our corporate culture.

Learn More

The ExtraHop Advantage

What Is Cloud-Native?

Contact Us

caret-left Back

News & Events

Get the latest news and information.

Learn More

Take the Hunter Challenge

Upcoming Webinars and Events

caret-left Back

Careers

We believe in what we're doing. Are you ready to join us?

Learn More

Careers at ExtraHop

Search Openings

Connect on LinkedIn

caret-left Back

Resources

Find white papers, reports, datasheets, and more by exploring our full resource archive.

All Resources

Customer Stories

Remote Access Resource Hub

Network Attack Library

Protocol Library

Documentation

Firmware

Training Videos

Back Arrow Bundle Library

Kerberos Threat Detection

Description

This bundle finds weak encryption algorithms in Kerberos connections, tracks usage of Kerberos services, and detects forged ticket-granting tickets (TGTs) that might allow attackers to escalate privileges or access Kerberos services.

Kerberos Threat Detection Dashboard

Note: The bundle might report false positives for forged tickets while the bundle initially caches tickets. By default, the trigger caches tickets for 24 hours, but this value can be changed to match your Kerberos ticket renewal time policy by modifying the renewal_time variable in the Kerberos Threat Detection trigger.

Bundle Contents

  • (1) Trigger
    • Kerberos Threat Detection
  • (1) Dashboard
    • Kerberos Threat Detection
  • (1) Dynamic Group
    • Kerberos Clients

Requirements

ExtraHop version 6.2.4 or later

Installation Instructions

Installation Instructions 1. Download the bundle on this page 2. Log into the ExtraHop Web UI and complete the following procedures: * Upload and apply a bundle - When applying the bundle, check the Apply included assignments checkbox. * In the Kerberos Attack Detection trigger, set the renewal_time variable to your Kerberos ticket renewal time setting before enabling the trigger.

+

ExtraHop uses cookies to improve your online experience. By using this website, you consent to the use of cookies. Learn More