Active Directory Auditing (WinLogBeats) - Graylog 3.0.2+

Active Directory Auditing (WinLogBeats) - Graylog 3.0.2+


Download from Github
View on Github
Open Issues

Tested with WinLogBeats(Sidecar-Collector)/Windows 2012R2 Domain Controllers/Graylog 3.0.2/WinLogBeats

This content pack provides several useful dashboards for auditing Active Directory events:

  • DNS Object Summary - DNS Creations, Deletions
  • Group Object Summary - Group Creations, Modifications, Deletions, Membership Changes
  • User Object Summary - Account Creations, Deletions, Modifications, Lockouts, Unlocks
  • Computer Object Summary - Computer Object Creations, Deletions, Modifications
  • Logon Summary - Failed Authentication Attempts, Interactive Logins

Works well. I had to update field names. Only issues were the DNS queries - I have to adjust those as I only had one result for a 365 day query - not sure what the issue is with those at this time.

1 Like