
ADAudit Plus

Set up ADAudit Plus to forward security events to Radiant Security via HTTPS.

Overview

In this guide, you will set up ADAudit Plus to forward security events to Radiant Security's HTTPS connector. The security events are used to identify suspicious activity within the environment related to User Logon Activity, Account Management and Policy Changes.

Prerequisites

  • Admin access to ADAudit Plus Control Panel

Add the data connector in Radiant Security

1.   Log in to Radiant Security.
2.   From the navigation menu, select Settings > Data Connectors and click + Add Connector.
3.   Search for and select the ADAudit Plus Webhook option and then click Data Feeds.
4.   Under Select your data feeds, select Audit Plus Webhook and click Credentials.
5.   Under Credential Name, give the credential an identifiable name (e.g. ADAudit Plus Integration), then click Credentials.

6.   Under Required Credentials, enter a value for the Connector Tag. This can be any string you want.
7.   Click Add Connector to save the changes.
8.   Copy and save the connector Token and Webhook URL values. You will need those to complete the configuration.

9.   Click Done to save your changes.

Configure ADAudit Plus to forward events via HTTPS

In the ADAudit Plus Control Panel:

  1. Click the Admin tab.
  2. On the side panel, select Configuration and SIEM Integration.
  3. Select the Enable forwarding of ADAuditPlus Data checkbox.
  4. Click the Splunk HTTP tab and fill in the following details:
    1. Splunk Server Name: Paste the Webhook URL value that you previously copied from Radiant Security’s connector page
    2. HTTP Event Collector Port: 443
    3. SSL Enabled: True
    4. Authentication Token: Paste the Token value that you previously copied from Radiant Security’s connector page
    5. Folder size threshold: 5 GB
    6. Leave the Enable Log forwarding of ADAudit Plus application logs checkbox unselected.
    7. Select the Yes, I agree that it is compliant checkbox.
  5. Click Save.
  6. On the right side, click Choose Categories to forward.
  7. Select all checkboxes except for AzureAD Logon Reports and AzureAD Management Reports. Those categories can be collected directly from Microsoft Connectors.
  8. Click Save.


Last updated: 2024-08-23