Windows authentication traffic metrics
Displays Windows-collected authentication traffic metrics from your domain controllers, including Kerberos authentications, NTLM authentications, LDAP binds, and LDAP searches per second. These are native Windows performance counters and do not represent traffic inspected by Identity Protection - they provide baseline visibility into overall domain controller activity.
Identitymonitoring
FDR intermediatepor CrowdStrike (cql-hub.com) 1 min read
Query
#repo=base_sensor #event_simpleName="IdpDcPerfReport"
| aid=?SelectedAid
| IdpPerfCounterAvg:= IdpPerfCounterSum / IdpPerfSampleCount
| timeChart(span=15m, function=[avg("IdpPerfCounterAvg")], series=IdpPerfCounterPath)Explicación
Importado desde cql-hub.com. Agrega explicación de pipes aquí.
Variables a ajustar
Revisa y ajusta los valores según tu entorno.