ManageEngine Log360 integrates with ADAudit Plus to ingest audit logs related to user activities like logon actions and changes to OUs, GPOs, computers, and domain policies, enabling deeper insights into AD-related activities through a unified SIEM console.
How ADAudit Plus logs are collected in Log360
Log360 helps you collect ADAudit Plus logs with its log import capability and agentless log collection method:
- Log360 supports importing logs from ADAudit Plus. It lets you manually or periodically import log files from ADAudit Plus or other devices. You can import locally stored logs or fetch logs from a remote location using various authentication methods.
- You can also send ADAudit Plus logs using the standard syslog protocol by forwarding syslog messages to Log360's syslog listener through TCP, UDP, or TLS.
Once collected, the logs are then extracted and structured to enable further processing.
Critical AD and file auditing events tracked
With the ADAudit Plus component, you can track the following:
- User logon and logoff events and session details
- Permission and ownership changes across OUs, GPOs, and devices
- Password and account lockout policy changes
- Failed attempts to access files and folders
- Users added to highly privileged security groups
- Logons at unusual times and failed authentication attempts
- Mass file deletions and unauthorized data access
- Changes to group memberships and privileged accounts
- Modifications to security permissions and audit configurations
- GPO edits and deployment failures impacting domain behavior
Key benefits of the integration
- Threat detection and response: With the ADAudit Plus module's Attack Surface Analyzer, you can detect and investigate some of the most common AD attacks, like Golden Ticket, Silver Ticket, and Kerberoasting attacks. Additionally, identify unsafe Cloud Directory configurations that leave your environment vulnerable to attacks. These capabilities work in tandem with Log360's security analytics engine, protecting all layers of your network infrastructure.
- User behavior analytics: Find anomalous logon, user management, and file activities by leveraging the machine learning capability.
- Risk assessments: Detect and respond to risks like a user utilizing privileges for the first time or accounts with an excessive number of logon failure events.
- AD backups and restorations: Back up all your AD objects easily and restore them to their previous states when needed.
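The two risk indicators named above (a user exercising a privilege for the first time, and an account with an excessive number of logon failures) are illustrated here as detection logic run over a handful of constructed log lines. This is an added example, not Log360 or ADAudit Plus code; the key=value message layout, event names, users and threshold are assumptions, not the product's real format.

```python
import re
from collections import Counter

# Constructed sample events in an ASSUMED key=value syslog-like layout;
# this is not ADAudit Plus' real message format.
SAMPLE_LOGS = """\
2024-05-01T08:01:10Z adauditplus event=LOGON_FAILURE user=alice src=10.0.0.5
2024-05-01T08:01:15Z adauditplus event=LOGON_FAILURE user=alice src=10.0.0.5
2024-05-01T08:01:20Z adauditplus event=LOGON_FAILURE user=alice src=10.0.0.5
2024-05-01T08:01:25Z adauditplus event=LOGON_FAILURE user=alice src=10.0.0.5
2024-05-01T08:01:30Z adauditplus event=LOGON_FAILURE user=alice src=10.0.0.5
2024-05-01T08:02:00Z adauditplus event=LOGON_FAILURE user=bob src=10.0.0.9
2024-05-01T08:05:00Z adauditplus event=PRIVILEGE_USE user=bob privilege=SeBackupPrivilege
2024-05-01T08:06:00Z adauditplus event=PRIVILEGE_USE user=carol privilege=SeBackupPrivilege
2024-05-01T08:07:00Z adauditplus event=PRIVILEGE_USE user=carol privilege=SeDebugPrivilege
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Split one constructed line into its timestamp plus key=value fields."""
    ts, _source, rest = line.split(" ", 2)
    fields = dict(FIELD_RE.findall(rest))
    fields["ts"] = ts
    return fields

def parse_logs(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def excessive_logon_failures(events, threshold=5):
    """Users whose LOGON_FAILURE count reaches the (assumed) threshold."""
    counts = Counter(e["user"] for e in events if e.get("event") == "LOGON_FAILURE")
    return {user: n for user, n in counts.items() if n >= threshold}

def first_time_privilege_use(events, baseline):
    """Flag (user, privilege) pairs never seen in the historical baseline.
    baseline: set of (user, privilege) pairs observed before this batch."""
    seen = set(baseline)
    flagged = []
    for e in events:
        if e.get("event") != "PRIVILEGE_USE":
            continue
        key = (e["user"], e["privilege"])
        if key not in seen:
            flagged.append((e["ts"], e["user"], e["privilege"]))
            seen.add(key)  # a repeat later in the same batch is no longer "first"
    return flagged

if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    print(excessive_logon_failures(evs))
    print(first_time_privilege_use(evs, {("carol", "SeBackupPrivilege")}))
```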
Log360 also enables you to correlate ADAudit Plus' error and access logs with other logs from your network to improve your investigations and detect anomalies faster.
The integration also lets you audit your ADAudit Plus instance itself for potential risks, such as suspicious access attempts, and centralizing the logs from your auditing applications in this way aids in complying with regulatory mandates.