Active Directory

Version: Windows Server 2012 R2, 2008 R2, 2003.

Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments.

With Netsurion Open XDR, organizations have complete visibility into their IT infrastructure. Know what’s happening now, what happened previously, what changed, and be compliant.

Netsurion Open XDR offers a high-level view, but also lets you drill down to the most granular level and provides the information you need, whether you are in charge of overall implementation, security, and compliance, or focused on the details of the events of specific devices.

Netsurion Data Source Integration for Active Directory allows you to monitor the following:

  • Computers added to or deleted from Active Directory.
  • Group activity: group added, group deleted, group changed, group type changed, and group member added or removed.
  • Group policy actions such as added, changed, and deleted.
  • Organizational unit and sub-organizational unit events, such as added and deleted, in Active Directory.

After Active Directory is configured to deliver events to Netsurion Open XDR, the dashboards and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integration components available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Active Directory – Group policy changed | This alert is generated when group policy is changed in Windows Active Directory. |
| Security | Active Directory – AD cannot update object | This alert is generated when an object cannot be updated in Active Directory. |
| Security | Active Directory – AD database is corrupt | This alert is generated when the Active Directory database gets corrupted. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Active Directory – OU added | This category-based report provides information about Organizational Units added to Active Directory. |
| Security | Active Directory – Objects modified | This category-based report provides information about directory service objects that were modified. |
| Security | Active Directory – Local group deleted | This category-based report provides information about groups deleted from Windows Active Directory. |
| Security | Active Directory – Group policy changed | This category-based report provides information about group policy changed in Windows Active Directory. |
| Security | Active Directory – Group member removed | This category-based report provides information about members removed from Active Directory groups. |

Documentation

The configuration details are consistent with Netsurion Open XDR 7.x or later, and Microsoft Windows Server 2000, 2003, 2008, 2012.

Download the Integration Guide for configuration instructions and more information.