AD monitoring, SIEM?

lucasbohanan3647 · 2015-02-13T14:59:35.000Z

Hi guys, fairly new to this, we are being requested to have some type of AD Monitoring/Event tracking and notification system for when someone makes a change on AD, etc. Would I need to be looking at a SIEM or another type of tool? Any suggestions?

danielsalzedo · 2015-02-13T19:53:45.000Z

I’ve not used it myself but Quest (Now owned by Dell) have the Change Auditor product for Active Directory:

http://software.dell.com/products/change-auditor-for-active-directory/

anil-lepide · 2015-02-16T08:22:17.000Z

You can have a look on our Lepide auditor suite ( Active Directory Auditing Tool - Audit & Report AD Changes ) that exactly meets to your requirement and would be a perfect approach to resolve active directory auditing purpose. It helps to audit all the critical changes into real time and alerts immediately by sending customized email notification.

Active-Directory-Tracking.png800×410 145 KB

michael-netwrix · 2015-02-16T08:54:54.000Z

There is Netwrix Auditor for Active Directory solution (20 day of free trial) with real-time alerting and more than 200 predefined reports to show you any changes you need.

naad.png800×739 336 KB

And in case you just need SIEM without reports you can always use free Netwrix Event Log Manager it collects and consolidates event logs from multiple computers across the network, provides archiving, and generates alerts.

@Netwrix

megan-for-tibco · 2015-02-17T19:30:33.000Z

Hi Lucas – You may want to look into a tool that specializes in log management. Since you’re new to this area, something like TIBCO LogLogic might be able to help you out with AD monitoring / event tracking. When it comes to ease of use, the tool will make it easy to build and execute queries. With LogLogic, you’ll be able to ingest data from any source and gain insight with real-time alerting, correlation, and visual analytics. If you’d like to learn more about how LogLogic might be able to help you, you can go here or reach out to me for more info. Hope this helps - let me know if I can be of further assistance!

vidya-zoho · 2015-02-18T11:16:33.000Z

Hi Lucas,

You can look at ADAudit Plus for all your Active Directory Audit requirements:

manageengine.com

ManageEngine ADAudit Plus | A UBA-driven change auditor

ADAudit Plus helps keep your Active Directory, file servers, Windows servers and workstations secure and compliant. Download a 30-day trial now.

For extensive event tracking and notifications, look at our SIEM solutions - Event Log Analyzer.

manageengine.com

Log management solution | IT compliance tool - ManageEngine EventLog Analyzer

EventLog Analyzer is an affordable log management & IT compliance software that collects, analyzes, correlates, and archives log data from different devices and application to ensure network security.

Both the solutions come with a 30-days fully functional free trial besides a free edition.

Will be happy to assist on any queries you might have.

@ManageEngine