Abstract: In some examples, active directory management and remediation may include obtaining data associated with active directories, and generating, based on the obtained data, a data model that includes a plurality of active directory concepts. A graph may be generated and include the active directory concepts as nodes and relationships between the nodes. The graph may be analyzed to identify user to group memberships. A membership score and a reasoning for the membership score may be determined for each identified user to group membership of the user to group memberships. The membership score and the reasoning for the membership score may be analyzed for each identified user to group membership. Further, based on the analysis of the membership score and the reasoning for the membership score, the at least one of the user to group memberships may be remediated.

Abstract: In some examples, closed loop monitoring based privileged access control may include identifying a ticket that includes a specification of an incident that is to be remedied and determining an intent of the ticket. A privileged access command library may be analyzed to determine a plurality of privileged access steps that can be performed to remedy the incident. A source file associated with procedures that were performed to remedy the incident may be analyzed. A plurality of events may be identified using the source file and filtered based on the plurality of privileged access steps that can be performed to remedy the incident. At least one event that includes at least one other privileged access step that is not one of the plurality of privileged access steps that can be performed to remedy the incident may be identified, and instructions may be generated to remedy the identified event.

Abstract: In some examples, closed loop monitoring based privileged access control may include identifying a ticket that includes a specification of an incident that is to be remedied and determining an intent of the ticket. A privileged access command library may be analyzed to determine a plurality of privileged access steps that can be performed to remedy the incident. A source file associated with procedures that were performed to remedy the incident may be analyzed. A plurality of events may be identified using the source file and filtered based on the plurality of privileged access steps that can be performed to remedy the incident. At least one event that includes at least one other privileged access step that is not one of the plurality of privileged access steps that can be performed to remedy the incident may be identified, and instructions may be generated to remedy the identified event.