Active Directory Auditing (WinLogBeats) - Graylog 3.0.2+

dscryber · March 7, 2022, 7:54pm

Active Directory Auditing (WinLogBeats) - Graylog 3.0.2+

@reighnman

Download from Github
View on Github
Open Issues
Stargazers

Tested with WinLogBeats(Sidecar-Collector)/Windows 2012R2 Domain Controllers/Graylog 3.0.2/WinLogBeats

This content pack provides several useful dashboards for auditing Active Directory events:

DNS Object Summary - DNS Creations, Deletions
Group Object Summary - Group Creations, Modifications, Deletions, Membership Changes
User Object Summary - Account Creations, Deletions, Modifications, Lockouts, Unlocks
Computer Object Summary - Computer Object Creations, Deletions, Modifications
Logon Summary - Failed Authentication Attempts, Interactive Logins

SamanthaHain · August 25, 2022, 4:36pm

Works well. I had to update field names. Only issues were the DNS queries - I have to adjust those as I only had one result for a 365 day query - not sure what the issue is with those at this time.

Topic		Replies	Views
Active Directory Auditing Graylog Central (peer support)	3	919	March 15, 2023
How to Log Using Active Directory Auditing (WinLogBeat) Graylog Add-ons sidecar , winlogbeat	1	1055	December 25, 2020
Active Directory Audit logs for accounts, DNS Graylog Central (peer support)	13	618	January 26, 2024
Windows 10/11 & Windows Server Security Log Content Pack content-pack	1	2101	December 16, 2023
Monitoring System Administrators Graylog Central (peer support) sidecar , nxlog , filebeat-linux , filebeat-windows , winlogbeat , nodatanx	10	1792	June 26, 2019

Active Directory Auditing (WinLogBeats) - Graylog 3.0.2+

Active Directory Auditing (WinLogBeats) - Graylog 3.0.2+

Related Topics