Description
Monitors for new TGT tickets appearing in logon sessions at a specified interval.
Overview
Continuously monitors for new TGT (krbtgt) tickets appearing in logon sessions at a configurable interval. Useful for capturing TGTs as users authenticate. Requires elevated privileges.
Arguments
| Parameter | Type | Description |
|---|---|---|
| FilterUser | string | Only monitor TGTs for this specific user. |
| Interval | int | Monitoring interval in seconds. Default: 60. |
| RunFor | int | Total seconds to run before stopping. |
Dependencies
- AD
Operating Systems
- Windows