Description
I developed a C# program to detect abnormal account usage, focusing on lateral movement and unauthorized access attempts. The system:
- Continuously queries the SIEM for account-to-server connection logs.
- Tracks account/server connection pairs in a SQL Server database.
- Emails an automated alert to the detection and response team for any account/server pair that has not been recorded before.
- Filters out known-legitimate accounts using rules tailored to the environment, to keep false positives low.
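The following is an added example of the first-seen account/server pair logic, written for this page; it is not the C# program described above. It stands in sqlite3 for SQL Server, a constructed list of SIEM records for the live SIEM query, and a returned list of alerts for the e-mail step. The allow-list (an exact-name set plus a "svc_" prefix), the account normalisation, and the learning-mode flag for the first run are assumptions, since the page does not say how the original filtered accounts or built its baseline.

```python
"""Added example: first-seen account/server pair detection.

Illustrative code written for this page, not the C# program it
describes. sqlite3 replaces SQL Server, BASELINE_EVENTS/NEW_EVENTS are
constructed SIEM records, and alerts are returned rather than e-mailed.
The allow-list rules and the learning flag are assumptions.
"""
import sqlite3

# Constructed SIEM export: one record per account-to-server logon.
BASELINE_EVENTS = [
    {"ts": "2024-03-01T08:01:00", "account": "CORP\\Alice", "server": "fs01"},
    {"ts": "2024-03-01T08:05:00", "account": "bob", "server": "WEB02"},
    {"ts": "2024-03-01T09:00:00", "account": "svc_backup", "server": "FS01"},
]
NEW_EVENTS = [
    {"ts": "2024-03-02T10:00:00", "account": "alice", "server": "FS01"},        # known pair
    {"ts": "2024-03-02T10:02:00", "account": "alice", "server": "DC01"},        # new pair -> alert
    {"ts": "2024-03-02T10:03:00", "account": "svc_backup", "server": "WEB02"},  # new but allow-listed
    {"ts": "2024-03-02T10:04:00", "account": "bob", "server": "web02"},         # known pair
]

# Assumed allow-list: exact account names plus a service-account prefix.
ALLOWED_ACCOUNTS = {"scanner"}
ALLOWED_PREFIXES = ("svc_",)

SCHEMA = """
CREATE TABLE IF NOT EXISTS seen_pairs (
    account    TEXT NOT NULL,
    server     TEXT NOT NULL,
    first_seen TEXT NOT NULL,
    last_seen  TEXT NOT NULL,
    PRIMARY KEY (account, server)
);
"""


def open_store(path=":memory:"):
    """Open the pair store (sqlite here; SQL Server in the original)."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def normalise_account(account):
    """Strip a DOMAIN\\ prefix and lower-case, so CORP\\Alice == alice."""
    return account.split("\\")[-1].lower()


def is_allowed(account):
    acct = normalise_account(account)
    return acct in ALLOWED_ACCOUNTS or acct.startswith(ALLOWED_PREFIXES)


def process_events(conn, events, learning=False):
    """Record every pair; return an alert for each pair never seen before.

    learning=True fills the table without alerting. The first run needs
    this: with an empty table every pair is "new", so without a baseline
    the team would be paged once per account/server pair in the estate.
    """
    alerts = []
    for ev in events:
        account = normalise_account(ev["account"])
        server = ev["server"].upper()
        row = conn.execute(
            "SELECT 1 FROM seen_pairs WHERE account = ? AND server = ?",
            (account, server),
        ).fetchone()
        if row is None:
            conn.execute(
                "INSERT INTO seen_pairs VALUES (?, ?, ?, ?)",
                (account, server, ev["ts"], ev["ts"]),
            )
            # Allow-listed accounts are still recorded, just not alerted on.
            if not learning and not is_allowed(account):
                alerts.append({"account": account, "server": server, "ts": ev["ts"]})
        else:
            conn.execute(
                "UPDATE seen_pairs SET last_seen = ? WHERE account = ? AND server = ?",
                (ev["ts"], account, server),
            )
    conn.commit()
    return alerts


def run_demo():
    """Baseline run (no alerts), then a normal run over the new events."""
    conn = open_store()
    baseline_alerts = process_events(conn, BASELINE_EVENTS, learning=True)
    new_alerts = process_events(conn, NEW_EVENTS)
    return baseline_alerts, new_alerts


if __name__ == "__main__":
    base, new = run_demo()
    print("baseline alerts:", base)
    for a in new:
        print(f"ALERT new pair {a['account']} -> {a['server']} at {a['ts']}")
```

Two points the example makes that the list above does not: account and host names must be normalised before the pair lookup (a SIEM may emit `CORP\Alice` and `alice`, or `fs01` and `FS01`, for the same pair, and each variant would otherwise fire a fresh alert), and allow-listed accounts are still written to the table so their history is available when investigating an alert on another account.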
The solution strengthened the organization's detection capability by giving the team real-time visibility into first-time account-to-server connections, a common indicator of lateral movement, with few false positives.
Technology used
- C#
- SIEM
- SQL Server