Alsid / Tenable.ad
Alsid is an automated security solution that monitors the components of Active Directory infrastructures by detecting attacks in real time and identifying existing weaknesses and vulnerabilities.
The following table lists the data sources offered by this integration.
||Alsid events bring information from Active Directory logs|
||Alsid alerts provide details on anomalies/threats detected in authentication logs|
||Information on the LDAP, DNS and Kerberos protocols is collected through Alsid logs|
As of now, the main solution to collect Alsid logs leverages the Rsyslog recipe. Please share your experiences with other recipes by editing this documentation.
Please refer to the documentation of Alsid to forward events to your rsyslog server. The reader is also invited to consult the Rsyslog Transport documentation to forward these logs to SEKOIA.IO.