What is AD Audit?
AD Audit is Active Directory auditing: a syncing process that starts from the probe agent action menu and syncs Active Directory data every 15 minutes. It includes data for AD Users, AD Computers, AD OUs, and AD Groups.
Alerts are triggered by taking the data from AD Audit and mapping it against the AD Audit Event Set Group, as shown below.
NOTE: The AD Audit Event Set alerts are available for any integration that supports the Event Set options. Go to Global > Overview/Dashboard > Integrations and tap the tile to see available options.
Active Directory - AD Audit - Overview
NOTE: You must enable Audit Events to use the AD Audit function. See https://cybercns.atlassian.net/wiki/spaces/CVB/pages/2103410704/V4+Scan+Types#Active-Directory-Scan for complete information on getting this enabled.
AD Audit presents a dashboard with metrics for Event Stats, User Stats, and Enabled/Disabled Users.
Active Directory - AD Audit - Details
Event Stats
This graph contains the following data points:
A directory service object was created (Success)
A group service object was modified (Success)
A logon was attempted using explicit credentials (Success)
A security-enabled local group was deleted
A session was disconnected from a Windows Station (Success)
A session was reconnected from a Windows Station (Success)
An attempt was made to reset an account password
Login Failure
Login Success
The workstation was locked (Success)
The workstation was unlocked (Success)
User Account was created
User Account was enabled
User Stats
This graph contains the user account data points based on activity.
Enabled and Disabled Users
This graph shows the percentage of disabled versus enabled users.
AD User Audit
This section contains the following data fields:
Event Name
Event ID
Target User Name
Target Domain Name
Session Name
Client Name
Client Address
Computer Name
Channel
Provider Name
AD Computer Audit
This section contains the following data fields:
Event Name
Event ID
Target User Name
Target Domain Name
Session Name
Client Name
Client Address
Computer Name
Channel
Provider Name
AD OU Audit
This section contains the following data fields:
Event Name
Event ID
Target User Name
Target Domain Name
Session Name
Client Name
Client Address
Computer Name
Channel
Provider Name
AD Group Audit
This section contains the following data fields:
Event Name
Event ID
Target User Name
Target Domain Name
Session Name
Client Name
Client Address
Computer Name
Channel
Provider Name
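The alerting described at the top of this page maps AD Audit records against an event set. The sketch below shows that mapping over the data fields listed above; it is an added example, not ConnectSecure's code. The record layout, the event-set contents, the function names, and the idea that an Event ID may arrive as text are assumptions, the sample records are constructed, and the Event IDs are the standard Windows Security log IDs for the named events.

```python
from collections import Counter

# Standard Windows Security log Event IDs for data points this page names.
EVENT_NAMES = {
    4624: "Login Success",
    4625: "Login Failure",
    4720: "User Account was created",
    4800: "The workstation was locked (Success)",
}
# Assumption: an event set is modelled as the set of Event IDs to alert on.
EVENT_SET = {4625, 4720}

def rec(event_id, user, client):
    """Build a constructed audit record keyed by the page's field names."""
    return {"Event ID": event_id, "Target User Name": user,
            "Target Domain Name": "CORP", "Client Address": client}

# Constructed sample data; one Event ID is a string to exercise normalization.
RECORDS = [
    rec(4624, "alice", "10.0.0.5"),
    rec(4625, "bob", "10.0.0.9"),
    rec("4625", "bob", "10.0.0.9"),
    rec(4625, "carol", "10.0.0.9"),
    rec(4720, "svc-new", "10.0.0.5"),
    rec(4800, "alice", "10.0.0.5"),  # not in EVENT_SET, so no alert
]

def event_id(record):
    """Normalize the Event ID field (assumed to be an int or numeric text)."""
    return int(record["Event ID"])

def event_stats(records):
    """Count records per event name, the tally an Event Stats graph plots."""
    return Counter(EVENT_NAMES.get(event_id(r), f"Event {event_id(r)}")
                   for r in records)

def match_event_set(records, event_set):
    """Return (event name, target user, client address) for each match."""
    return [(EVENT_NAMES.get(event_id(r), str(event_id(r))),
             r.get("Target User Name"), r.get("Client Address"))
            for r in records if event_id(r) in event_set]

def failures_by_client(records, threshold):
    """Client addresses with at least `threshold` Login Failure events."""
    counts = Counter(r.get("Client Address") for r in records
                     if event_id(r) == 4625)
    return {addr: n for addr, n in counts.items() if n >= threshold}
```

Grouping Login Failure records by Client Address, as `failures_by_client` does, separates several accounts failing from one source from a single user mistyping a password.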
Active Directory - AD Audit - Action Toolbar Overview
The standard Alerts are available from the side toolbar.
Need Support?
Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.