Credential Management and Consolidation

Security Automation
Identity Management
AD
Cisco ISE

Overview

This project addressed the critical need for automated monitoring of user authentication events across the enterprise. By consolidating logs from Active Directory (AD) and Cisco ISE, we created a unified view of login patterns. The system automatically flags anomalies such as concurrent logins from geographically distant locations, unusual login times, or multiple failed attempts followed by a success.

The Solution

We implemented a centralized log ingestion pipeline using Splunk to aggregate data from AD and Cisco ISE. Custom correlation rules were developed in Python and PowerShell to analyze these logs in real time. When suspicious activity is detected, the system triggers automated responses, such as temporary account lockout or alerting security analysts via a dedicated dashboard, significantly reducing the mean time to respond (MTTR) to potential credential compromises.
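Two of the anomalies named in the overview, several failed attempts followed by a success and logins from geographically distant locations, can be expressed as correlation logic over normalized events. The Python below is an added example, not the project's own rules: the event fields (`ts`, `user`, `src`, `outcome`, `geo`), the thresholds and the sample events are assumptions constructed for illustration.

```python
import math
from collections import defaultdict

FAIL_THRESHOLD = 3     # assumed: failures before a success that warrant a flag
FAIL_WINDOW_S = 300    # assumed: look-back window (seconds) for those failures
MAX_SPEED_KMH = 900    # assumed: faster than airliner travel is implausible
MIN_KM = 500           # assumed: ignore short hops caused by geo-IP jitter
NYC, LON = (40.71, -74.01), (51.51, -0.13)   # constructed sample locations

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def correlate(events):
    """Return (rule, user, ts) findings from normalized AD/ISE events."""
    # fails: user -> failure timestamps; last_ok: user -> (ts, geo) of last success
    findings, fails, last_ok = [], defaultdict(list), {}
    for e in sorted(events, key=lambda e: e["ts"]):
        user, ts = e["user"], e["ts"]
        if e["outcome"] == "fail":
            fails[user].append(ts)
            continue
        recent = [t for t in fails[user] if ts - t <= FAIL_WINDOW_S]
        if len(recent) >= FAIL_THRESHOLD:
            findings.append(("fail_then_success", user, ts))
        fails[user].clear()    # a success resets the failure streak
        if user in last_ok:
            prev_ts, prev_geo = last_ok[user]
            dist = km_between(prev_geo, e["geo"])
            hours = max(ts - prev_ts, 1) / 3600
            if dist > MIN_KM and dist / hours > MAX_SPEED_KMH:
                findings.append(("impossible_travel", user, ts))
        last_ok[user] = (ts, e["geo"])
    return findings

# Constructed sample events (not real logs); "src" marks the originating system.
SAMPLE = [
    {"ts": 1000, "user": "alice", "src": "AD", "outcome": "fail", "geo": NYC},
    {"ts": 1060, "user": "alice", "src": "AD", "outcome": "fail", "geo": NYC},
    {"ts": 1120, "user": "alice", "src": "AD", "outcome": "fail", "geo": NYC},
    {"ts": 1180, "user": "alice", "src": "AD", "outcome": "success", "geo": NYC},
    {"ts": 2000, "user": "bob", "src": "AD", "outcome": "success", "geo": NYC},
    {"ts": 3800, "user": "bob", "src": "ISE", "outcome": "success", "geo": LON},
    {"ts": 5000, "user": "carol", "src": "ISE", "outcome": "fail", "geo": LON},
    {"ts": 5030, "user": "carol", "src": "ISE", "outcome": "success", "geo": LON},
]
```

The `MIN_KM` floor matters in practice: without it, two logins seconds apart whose geo-IP lookups differ by a few kilometres would compute to an implausible speed and raise a false positive.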

Tools Used

Active Directory
Cisco ISE
Python
Splunk
PowerShell