Splunk Enterprise Security
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to integrate Splunk for Enterprise Security with Active Directory to detect security events?

rubeniturrieta
Communicator
‎04-17-2015 08:25 AM

Hi everyone,

I have Splunk App for Enterprise Security, and i want to integrate it with Active Directory. I already have a dynamic lookup with assets from AD, but i want to detect security events, for example, a brute force attempt in Splunk App for Enterprise Security with Active Directory data. How can I do this?

Thanks you so much in advance

Regards

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mdessus_splunk
Splunk Employee
Splunk Employee
‎05-03-2015 01:48 PM

Just use an universal forwarder on your AD host, with the windows/AD specific TA. See here for more details: https://splunkbase.splunk.com/app/1680/#/overview

View solution in original post

Reply
Solved! Jump to solution
Solution

mdessus_splunk
Splunk Employee
Splunk Employee
‎05-03-2015 01:48 PM

Just use an universal forwarder on your AD host, with the windows/AD specific TA. See here for more details: https://splunkbase.splunk.com/app/1680/#/overview

Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top