Active Directory Auditing (WinLogBeats) - Graylog 3.0.2+

dscryber · March 7, 2022, 7:54pm

Active Directory Auditing (WinLogBeats) - Graylog 3.0.2+

@reighnman

Download from Github
View on Github
Open Issues
Stargazers

Tested with WinLogBeats(Sidecar-Collector)/Windows 2012R2 Domain Controllers/Graylog 3.0.2/WinLogBeats

This content pack provides several useful dashboards for auditing Active Directory events:

DNS Object Summary - DNS Creations, Deletions
Group Object Summary - Group Creations, Modifications, Deletions, Membership Changes
User Object Summary - Account Creations, Deletions, Modifications, Lockouts, Unlocks
Computer Object Summary - Computer Object Creations, Deletions, Modifications
Logon Summary - Failed Authentication Attempts, Interactive Logins

SamanthaHain · August 25, 2022, 4:36pm

Works well. I had to update field names. Only issues were the DNS queries - I have to adjust those as I only had one result for a 365 day query - not sure what the issue is with those at this time.

Topic		Replies	Views
Active Directory Auditing (NXLOG) - Graylog 2.x Content Pack content-pack	0	3127	March 7, 2022
Active Directory Auditing Graylog Central (peer support)	3	1330	March 15, 2023
How to Log Using Active Directory Auditing (WinLogBeat) Graylog Add-ons sidecar , winlogbeat	1	1161	December 25, 2020
New greylog references of the new version Graylog Central (peer support)	2	608	December 2, 2022
Active Directory Audit - Reporting and Alerting for Graylog Other Solutions other_solutions	1	9039	November 16, 2022

Active Directory Auditing (WinLogBeats) - Graylog 3.0.2+

Active Directory Auditing (WinLogBeats) - Graylog 3.0.2+

Related topics