How To Monitor Windows Active Directory with Splunk

Active Directory is, at its core, a database of users, computers, groups, and many other objects. To use Active Directory, a server must have the Active Directory Domain Services role installed and then be promoted to a domain controller. Promoting the server to a domain controller gives it the ability to authenticate users with Kerberos.
Splunk is a data analytics platform that lets organizations turn machine-generated data into actionable insights in real time. It helps organizations extract worthwhile insights from the massive volumes of data generated by their IT systems, applications, and servers.
In this video, I will show you how to monitor Windows Active Directory using Splunk Enterprise.
#splunk #activedirectory #windows

Comments: 2

  • @ismailbensikali5579
    11 days ago

    Hello, nice video. I am confused about what logs are being sent from your AD controller to Splunk. How does the forwarder select what type of logs it will forward? Is it forwarding everything (all logs from server SRV-W2K19)? Also, how does Splunk determine the source type? (You did not specify it in your inputs.conf.) Thanks!

  • @Liv4IT
    11 days ago

    To choose the type of logs that a domain controller sends to the Splunk forwarder, you need to configure the input settings on the Universal Forwarder installed on the domain controller. Here are the general steps:

    1. **Install the Splunk Universal Forwarder on the Domain Controller:**
       - Download and install the Splunk Universal Forwarder on your domain controller if it's not already installed.

    2. **Configure Inputs on the Forwarder:**
       - You need to define which logs you want to collect in the `inputs.conf` file. This file is typically located in the `$SPLUNK_HOME/etc/system/local/` directory on the forwarder.

    3. **Edit the `inputs.conf` File:**
       - Open the `inputs.conf` file in a text editor and specify the types of logs you want to collect. For example, to collect Windows Event Logs, you can add entries like:

         ```
         [WinEventLog://Security]
         disabled = 0
         index = your_index_name

         [WinEventLog://Application]
         disabled = 0
         index = your_index_name

         [WinEventLog://System]
         disabled = 0
         index = your_index_name
         ```

       - Adjust the `index` parameter to the name of the index where you want to store the logs in Splunk.

    4. **Specify Additional Inputs if Needed:**
       - You can also collect other types of logs such as file-based logs or other event channels. For example, to collect logs from a specific file, you can add:

         ```
         [monitor://C:\path\to\your\logfile.log]
         disabled = 0
         index = your_index_name
         sourcetype = your_sourcetype
         ```

    5. **Restart the Splunk Forwarder:**
       - After making changes to the `inputs.conf` file, restart the Splunk Universal Forwarder to apply the changes. You can restart it using the command line:

         ```
         $SPLUNK_HOME/bin/splunk restart
         ```

    6. **Verify Data Collection:**
       - Ensure that the data is being collected by checking the index in your Splunk instance. You can do this by running a search query in the Splunk search interface:

         ```
         index=your_index_name
         ```

    These steps should help you configure the type of logs your domain controller sends to the Splunk forwarder.
    Make sure you have appropriate permissions and follow security best practices when accessing and modifying configuration files on your domain controller.
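The two questions in the thread (what actually leaves the domain controller, and where the sourcetype comes from when `inputs.conf` does not set one) can be answered by reading the stanzas against Splunk's documented defaults. The script below is an added example and is not code from the video or from either commenter. It parses a constructed `inputs.conf` and reports, per stanza, whether the input is enabled (`disabled` defaults to 0), which index it targets (the indexer's default, `main`, unless set), which sourcetype Splunk will assign (`WinEventLog:<Channel>`, or `XmlWinEventLog:<Channel>` when `renderXml = true`, for event-log inputs; automatic sourcetyping for `monitor://` inputs without an explicit value), and whether a `whitelist` narrows the channel to specific event IDs. The `whitelist`/`blacklist` keys are real WinEventLog settings, but only their comma-separated event-ID form is modelled here; the `key=regex` form is not.

```python
"""Summarise what a Splunk Universal Forwarder collects from a domain controller.

Added example, not code from the video or the comment thread. It parses a
constructed inputs.conf and applies the WinEventLog defaults Splunk documents:
disabled defaults to 0, the index defaults to the indexer's default (main unless
changed), and the sourcetype defaults to WinEventLog:<Channel>, or
XmlWinEventLog:<Channel> when renderXml = true. Only the comma-separated
event-ID form of whitelist/blacklist is modelled; the key=regex form is not.
"""
import configparser
from dataclasses import dataclass, field

# Constructed sample of $SPLUNK_HOME/etc/system/local/inputs.conf on a DC.
SAMPLE_INPUTS_CONF = r"""
[WinEventLog://Security]
disabled = 0
index = wineventlog
renderXml = true
# Forward only logon and Kerberos events instead of the whole channel.
whitelist = 4624,4625,4768,4769,4771,4776

[WinEventLog://System]
disabled = 0
index = wineventlog

[WinEventLog://Directory Service]
disabled = 0
index = wineventlog
sourcetype = WinEventLog:DirectoryService

[WinEventLog://Application]
disabled = 1
index = wineventlog

[monitor://C:\inetpub\logs\LogFiles]
disabled = 0
index = web
sourcetype = iis
"""


@dataclass
class InputSummary:
    stanza: str
    enabled: bool
    index: str
    sourcetype: str
    whitelist: list[str] = field(default_factory=list)  # empty means the whole channel
    blacklist: list[str] = field(default_factory=list)


def _truthy(value: str) -> bool:
    return value.strip().lower() in ("1", "true", "yes")


def _event_ids(value: str) -> list[str]:
    return [v.strip() for v in value.split(",") if v.strip()]


def default_sourcetype(stanza: str, settings: dict) -> str:
    """Sourcetype Splunk assigns when the stanza does not set one."""
    kind, _, target = stanza.partition("://")
    if kind == "WinEventLog":
        prefix = "XmlWinEventLog" if _truthy(settings.get("renderXml", "false")) else "WinEventLog"
        return f"{prefix}:{target}"
    return "(automatic sourcetyping)"  # monitor:// inputs are classified by content


def summarize_inputs(conf_text: str) -> list[InputSummary]:
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # keep key case: Splunk settings such as renderXml are case-sensitive
    parser.read_string(conf_text)
    summaries = []
    for stanza in parser.sections():
        s = dict(parser[stanza])
        summaries.append(InputSummary(
            stanza=stanza,
            enabled=not _truthy(s.get("disabled", "0")),
            index=s.get("index", "main"),
            sourcetype=s.get("sourcetype") or default_sourcetype(stanza, s),
            whitelist=_event_ids(s.get("whitelist", "")),
            blacklist=_event_ids(s.get("blacklist", "")),
        ))
    return summaries


def forwarded_inputs(conf_text: str) -> list[InputSummary]:
    """Only the stanzas that will actually send data to the indexer."""
    return [s for s in summarize_inputs(conf_text) if s.enabled]


def main() -> None:
    for s in summarize_inputs(SAMPLE_INPUTS_CONF):
        scope = "EventCodes " + ",".join(s.whitelist) if s.whitelist else "all events"
        state = "forwarding" if s.enabled else "disabled"
        print(f"{s.stanza:<40} {state:<10} index={s.index:<12} "
              f"sourcetype={s.sourcetype:<30} {scope}")


if __name__ == "__main__":
    main()
```

Run against the sample, the Security channel comes out as `XmlWinEventLog:Security` restricted to six event IDs, System as `WinEventLog:System` with every event, and Application as disabled, which is the kind of check to do on a real forwarder before asking why the index looks the way it does.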