Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to integrate Splunk for Enterprise Security with Active Directory to detect security events?

rubeniturrieta
Communicator
‎04-17-2015 08:25 AM

Hi everyone,

I have Splunk App for Enterprise Security, and i want to integrate it with Active Directory. I already have a dynamic lookup with assets from AD, but i want to detect security events, for example, a brute force attempt in Splunk App for Enterprise Security with Active Directory data. How can I do this?

Thanks you so much in advance

Regards

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mdessus_splunk
Splunk Employee
Splunk Employee
‎05-03-2015 01:48 PM

Just use an universal forwarder on your AD host, with the windows/AD specific TA. See here for more details: https://splunkbase.splunk.com/app/1680/#/overview

View solution in original post

Reply
Solved! Jump to solution
Solution

mdessus_splunk
Splunk Employee
Splunk Employee
‎05-03-2015 01:48 PM

Just use an universal forwarder on your AD host, with the windows/AD specific TA. See here for more details: https://splunkbase.splunk.com/app/1680/#/overview

Reply
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...