Interface Mode

Monitor and explore process LDAP, SAM and WMI activity to help troubleshoot problems or gain additional insight into Active Directory activity.

Learn more

Sensor Mode

Install Active Directory Query Monitor to monitor, record and report all process LDAP, SAM, and WMI activity on a system. Deploy and configure ADQM through GPO and send data directory to your SIEM.

Learn more

Security and Visibility

Enhance your network's security posture by monitoring and logging process-level LDAP, SAM and WMI activity so that suspicious process queries can be identified before an attacker is able to spread latterally.

Learn more

Why Monitor Queries?

Because Active Directory is complex and ripe for exploitation.

Sometimes things just don't work and figuring out why can be a challenge. Troubleshooting at the Domain Controller level doesn't always cut it and network level debugging may not be feasible. Plus, if native tools do not help who really wants to install third-party software on a DC or make configuration changes that may cause even more problems? Only client side, process level captures can truly help pinpoint query problems at the source without the risk or hassle of installing new software on a Domain Controller.

From a security perspective, Active Directory is a tempting target for attackers on your network. It is a treasure trove of valuable information that attackers can use to pivot and move around your network. Gaining process level insight in the early stages of an attack can mean the difference between a successful breach and one that is stopped.

With Active Directory Query Monitor, you can troubleshoot troublesome processes and enhance your network security posture by monitoring for reconnaissance and lateral movement attempts.

Live Capture

Monitor processes to capture LDAP, SAM and WMI activity and queries as they happen.

Learn more

Process Details

Gain insight into process activity against Active Directory for troubleshooting or security.

Learn more

View Raw Results

View the raw memory capture results before they are processed by the application.

Learn more

Re-run Queries

Easily re-run captured queries and browse the returned data.

Learn more

Targeted Capture

You can target specific processes or capture queries system wide.

Learn more

Designed for Enterprise

Simple setup and configuration with Group Policy and SIEM Integrations.

Learn more

Compare Versions

ADQM comes in two different flavors. One is geared towards troubleshooting while the other is meant to provide visibility for enhanced security. Read more to figure out which is right for your requirements or contact us if you have questions.

Learn more