Active Directory Auditing (WinLogBeats) - Graylog 3.0.2+

@reighnman


Tested with WinLogBeats (Sidecar-Collector) / Windows 2012R2 Domain Controllers / Graylog 3.0.2

This content pack provides several useful dashboards for auditing Active Directory events:

  • DNS Object Summary - DNS Creations, Deletions
  • Group Object Summary - Group Creations, Modifications, Deletions, Membership Changes
  • User Object Summary - Account Creations, Deletions, Modifications, Lockouts, Unlocks
  • Computer Object Summary - Computer Object Creations, Deletions, Modifications
  • Logon Summary - Failed Authentication Attempts, Interactive Logins