Got Active Directory? Then you need Splunk App for Active Directory

Today at the Microsoft TechEd 2012 conference we launched the Splunk App for Active Directory. This latest app helps organizations avoid service outages and provides proactive monitoring and compliance reporting of Active Directory – all from one place.

The Splunk App for Active Directory contains over 60 dashboards covering the health, security and change monitoring of an Active Directory forest, including:

• Topology Monitoring (including FSMO roles, Global Catalogs)
• Service Monitoring and other health indicators
• Performance Monitoring
• Security – failed and successful logons, account lockouts and anomalous logon attempts
• Administrator audit
• Change Monitoring for users, groups, computers and policies
• Security Reporting covering many of the routine requests made by security auditors

Not only does the Splunk App for Active Directory have some great reporting, but it can also improve the reporting of other applications through additional lookups and dashboards:

• Temporal lookup that translates an IP address into the user who is logged in at that IP address, enabling correlation between other apps (such as Splunk App for Cisco Security) and Splunk App for Active Directory
• Augmentation of existing events that include a username with information from Active Directory (such as phone number or office location)
• Drill-down dashboards for users, groups and computers to provide relevant information about those entities

The Splunk App for Active Directory v1.0 supports a single forest with a single domain and can handle data from Windows Server 2003 R2 up to Windows Server 2008 R2.

More information can be found at www.splunk.com/goto/adapp, and the app can be downloaded from Splunkbase at http://splunk-base.splunk.com/apps/51338/splunk-app-for-active-directory

Posted by Splunk
