Alsid / Tenable.ad

Overview

Alsid is an automated security solution that monitors the components of Active Directory infrastructures. It detects attacks in real time and identifies existing weaknesses and vulnerabilities.

Event Categories

The following table lists the data sources offered by this integration.

| Data Source | Description |
| --- | --- |
| Application logs | Alsid events bring information from Active Directory logs |
| Authentication logs | Alsid alerts provide details on anomalies/threats detected in authentication logs |
| Network protocol analysis | Information on LDAP, DNS and Kerberos protocols is collected through Alsid logs |

Configure

As of now, the main solution to collect Alsid logs leverages the Rsyslog recipe. Please share your experiences with other recipes by editing this documentation.

Rsyslog

Please refer to the Alsid documentation to forward events to your rsyslog server. Then consult the Rsyslog Transport documentation to forward these logs to Sekoia.io.