Name | Microsoft Active Directory |
Versions | N/A |
Type | Microsoft services |
logtypes | activeDirectory, activeDirectory-application, activeDirectory-security, activeDirectory-system |
Before deploying the Active Directory App, prepare the log data as described on the following page: Preparing Active Directory Logs Data.
Deploying the App
The Active Directory App is available for deployment in XpoLog; get the App package from the XpoLog website.
Once the App is successfully deployed, all logs tagged with logtype: active directory are included in the App by default. To change that, edit the App and specify which logs to include or exclude.
Open and Use the App
Click on the deployed App.
When the App opens, you will see a list of the available predefined dashboards. Each dashboard contains a set of visualization gadgets, rules and searches that analyze the Active Directory logs.
Active Directory Dashboards and Gadgets
The Active Directory application contains a set of dashboards:
AD Information - general information about events, out-of-the-box problems, etc.
AD Service Activity - track changes to various AD messages and objects such as users, groups, Organizational Units, computers and group policy objects, etc.
Overview - a general overview of the environment including required restarts, update errors, policy changes, etc.
Events Viewer - a console for viewing events from selected servers/domains/logs
Events Statistics - general statistics of top used sources, categories, types and event codes
Audit - a high-level analysis of top applications, sources, user operations, events, etc.
Trends - logging activity of servers and logs over time, last 1 day vs. last 7 days
Users Overview - a review of user activity such as logons over time, top user operations report, logons vs. logoffs, etc.
While viewing a dashboard, use the user inputs to filter the view to the desired values, such as servers, domains, accounts, etc.