Active Directory logs contain valuable information which must be closely monitored and analyzed.
Some examples are:
Configuration and policy events: These event logs are used to maintain the integrity of access policies, i.e., to ensure that no one has mistakenly or maliciously changed the access policies and configuration.
Group and user audit: These audit logs provide comprehensive information regarding the creation/deletion of groups, logins/logouts, etc. This information is used to investigate security breaches and unauthorized access.
Active Directory performance: These logs provide indications regarding the health and performance of the Active Directory services as well as user replication and errors throughout the system.
Security breaches: These logs track and monitor changes to the AD schema and configuration and provide enhanced visibility for security forensics and attack detection.
The new Active Directory app allows you to stream AD events using out-of-the-box connectors and set up the app in just a few clicks.
The result is quick visualization and insights out of your log data!
You can download it for free here: https://www.xplg.com/download/
Which insights will you be able to get automatically?
The App features a variety of ready-to-use reports and dashboards, specifically designed for Active Directory log data:
Security Detection – organizes the most important reports and graphs for security purposes. Using this gadget, you can compare the number of failed logins to successful logins, view the failed login trend over time, the distribution of failed login users, and more.
User’s Management – monitors new, deleted, and changed users, user-related actions by administrators, changed account names and more.
Computer’s Management – monitors new, deleted, and changed computers, computer-related actions by administrators and more.
Group Management – monitors new, deleted, and changed groups, changes in groups, changes in group types, new group members, top active groups, and more.
User’s Access – monitors user access attempts, such as locked users (automatically tripped by a lockout policy or by administrators), top locked users, and more.
Logins and Logouts – monitors user logins/logouts, including successful logins and logouts (+ per user), failed logins (+ per user), and more.
Policies – monitors changes to the policies, including policy changes reports, top changed policies, top policy changes by admins, etc.
Passwords – monitors password resets, including password resets reports, password changes reports, password resets per admin, top reset users and more.
Directory services – monitors directory services and their operations, including created/modified objects reports, created/modified objects per admin, and more.
Trends – a centralized view of important Active Directory trends over time, such as created and deleted users/groups, locked and disabled users, failed logins, and more.