Alsid / Tenable.ad
Overview
Alsid (now Tenable.ad) is an automated security solution that monitors the components of an Active Directory infrastructure: it detects attacks in real time and identifies existing weaknesses and misconfigurations.
Event Categories
The following table lists the data sources offered by this integration.
Data Source | Description |
---|---|
Application logs | Alsid events bring information from Active Directory logs |
Authentication logs | Alsid alerts provide details on anomalies and threats detected in authentication logs |
Network protocol analysis | Information on the LDAP, DNS and Kerberos protocols is collected through Alsid logs |
Configure
As of now, the main solution to collect Alsid logs leverages the Rsyslog recipe. Please share your experiences with other recipes by editing this documentation.
Rsyslog
Please refer to the Alsid documentation to forward events to your rsyslog server, then to the Rsyslog Transport documentation to forward these logs from that server to Sekoia.io.
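The two-step chain above (Alsid to a relay, relay to Sekoia.io) can be expressed as a single rsyslog ruleset on the relay. The configuration below is an added example written for this page; it is not from the Alsid, Tenable or Sekoia.io documentation. Its assumptions: the Alsid appliance sends syslog over TCP 514 from the example address 10.0.0.5; `YOUR_INTAKE_KEY` is a placeholder for the intake key generated in Sekoia.io; and the intake host, port and the `[sekoia@53288 intake_key="..."]` structured-data element are what I recall from the Rsyslog Transport documentation, so verify them against that page before deploying.

```rsyslog
# Added example, not from the Alsid or Sekoia.io documentation.
# Assumptions (also stated in the lead-in):
#  - Alsid sends syslog to this relay over TCP 514 from 10.0.0.5 (example address)
#  - intake.sekoia.io:10514 and the [sekoia@53288 intake_key="..."] element are
#    recalled from the Rsyslog Transport documentation; verify before use
#  - YOUR_INTAKE_KEY is a placeholder for the intake key created in Sekoia.io

# TLS for the outbound leg; point the CA file at your distribution's bundle
global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="/etc/ssl/certs/ca-certificates.crt")

# Inbound leg: listen for the Alsid syslog stream and bind it to a dedicated ruleset
module(load="imtcp")
input(type="imtcp" port="514" ruleset="alsid_to_sekoia")

# RFC 5424 message with the intake key carried as structured data
template(name="sekoiaio_alsid"
         type="string"
         string="<%pri%>1 %timestamp:::date-rfc3339% %hostname% %app-name% %procid% - [sekoia@53288 intake_key=\"YOUR_INTAKE_KEY\"] %msg%\n")

ruleset(name="alsid_to_sekoia") {
    # Only the Alsid appliance is expected on this listener; drop anything else
    # so a stray host cannot inject events under this intake key
    if ($fromhost-ip != "10.0.0.5") then stop

    # Outbound leg: TLS to Sekoia.io, server certificate checked by name,
    # disk-assisted queue so events survive an intake outage or a relay restart
    action(type="omfwd"
           target="intake.sekoia.io" port="10514" protocol="tcp"
           template="sekoiaio_alsid"
           StreamDriver="gtls" StreamDriverMode="1"
           StreamDriverAuthMode="x509/name"
           StreamDriverPermittedPeers="intake.sekoia.io"
           queue.type="LinkedList" queue.size="50000"
           queue.filename="sekoia_alsid_q" queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
    stop
}
```

Drop the file under `/etc/rsyslog.d/`, run `rsyslogd -N1` to syntax-check it, then restart rsyslog and confirm events appear on the Sekoia.io intake. The `$fromhost-ip` filter and the `x509/name` peer check are the two security-relevant lines: the first keeps the listener from becoming an open relay for your intake key, the second prevents a spoofed intake endpoint from receiving the AD telemetry.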