Semperis Directory Services Protector



Attribute Value
Publisher Semperis
Support Tier Partner
Support Link https://www.semperis.com/contact-us/
Categories domains
Version 3.0.2
Author Semperis
First Published 2021-10-18
Solution Folder Semperis Directory Services Protector

The Semperis Directory Services Protector solution provides the capability to ingest Windows event logs (i.e., Indicators of Exposure and Indicators of Compromise) into Microsoft Sentinel.

Underlying Microsoft Technologies used:

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

a. Agent-based log collection from Windows and Linux machines

Contents

Data Connectors

This solution provides 1 data connector(s):

Tables Used

This solution uses 2 table(s):

Table Used By Connectors Used By Content
CommonSecurityLog - Workbooks
SecurityEvent Semperis Directory Services Protector Analytics, Workbooks

Content Items

This solution includes 15 content item(s) (13 in solution, 2 discovered 🔍):

Content Type Total In Solution Discovered
Analytic Rules 8 8 -
Workbooks 6 4 2
Parsers 1 1 -

Analytic Rules

Name Severity Tactics Tables Used
Semperis DSP Failed Logons Medium InitialAccess, CredentialAccess SecurityEvent
Semperis DSP Kerberos krbtgt account with old password Medium CredentialAccess SecurityEvent
Semperis DSP Mimikatz's DCShadow Alert High DefenseEvasion SecurityEvent
Semperis DSP Operations Critical Notifications Medium InitialAccess, CredentialAccess, ResourceDevelopment SecurityEvent
Semperis DSP RBAC Changes Medium PrivilegeEscalation, Persistence SecurityEvent
Semperis DSP Recent sIDHistory changes on AD objects High PrivilegeEscalation, Persistence SecurityEvent
Semperis DSP Well-known privileged SIDs in sIDHistory Medium PrivilegeEscalation, DefenseEvasion SecurityEvent
Semperis DSP Zerologon vulnerability Medium PrivilegeEscalation SecurityEvent

Workbooks

Name Tables Used
SemperisDSPADChanges CommonSecurityLog
SemperisDSPNotifications CommonSecurityLog, SecurityEvent
SemperisDSPQuickviewDashboard CommonSecurityLog, SecurityEvent
SemperisDSPSecurityIndicators CommonSecurityLog, SecurityEvent
SemperisDSPWorkbook ⚠️ SecurityEvent
workbooksMetadata ⚠️ -

Parsers

Name Description Tables Used
dsp_parser - SecurityEvent (read)

⚠️ Items marked with ⚠️ are not listed in the Solution JSON file. They were discovered by scanning the solution folder and may be legacy items, under development, or excluded from the official solution package.

Release Notes

Version Date Modified (DD-MM-YYYY) Change History
3.0.2 23-04-2025 Updated Analytical Rule and Parser
3.0.1 28-03-2025 Removed duplicate query and fixed query in Workbook SemperisDSPSecurityIndicators.
3.0.0 18-03-2025 Fixed correct function name in Workbook SemperisDSPSecurityIndicators.
