locked
is Citrix raising the Reconnaissance using directory services queries ATA alerts? RRS feed

  • Question

  • Hello,

    I received two "Reconnaissance using directory services queries" ATA alerts with the Citrix XenApp Application and Citrix Infrastructure Servers as the source machines.

    Do you know if Citrix might, by any chance, enumerate lots of users in a domain or at least ATA might see this that way?

    Thank you very much in advance.

    Regards,
    MSSOC
    Monday, February 12, 2018 6:21 PM

All replies

  • Hello,

    Since the ATA generates this alert, the Citrix servers should perform the actions for querying the directory.

    However, as far as I know, if the Citrix servers want to authenticate users with Active Directory, they should integrate with the Active Directory. Maybe this is the cause.

    I would also recommend to confirm it with Citrix.

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 13, 2018 7:59 AM