# ADAudit Plus

In this guide, you will set up ADAudit Plus to forward security events to Radiant Security's HTTPS connector. The security events are used to identify suspicious activity within the environment related to User Logon Activity, Account Management and Policy Changes.

### Prerequisites

* [ ] Admin access to ADAudit Plus Control Panel

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **ADAudit Plus Webhook** option and then click **Data Feeds.**
4. Under **Select your data feeds**, select **ADAudit Plus Webhook** and click **Credentials**.
5. Under **Credential Name**, give the credential an identifiable name (e.g. `ADAudit Plus Integration`) then, click **Credentials**.
6. Under **Required** **Credentials**, enter a value for the **Connector** **Tag**. This can be any string you want.
7. Click **Add Connector** to save the changes.
8. Copy and save the connector **Token** and **Webhook URL** values. You will need those to complete the configuration.
9. Click **Done** to save your changes.

### Configure ADAudit Plus to forward events via HTTPS

On the ADAudit Control Panel:

1. Click the **Admin** tab.
2. On the side panel, select **Configuration** and **SIEM Integration.**
3. Select the **Enable forwarding of ADAuditPlus Data** checkbox.
4. Click the **Splunk HTTP** tab and fill in the following details:
   1. **Splunk Server**: Paste the **Webhook URL** value that you previously copied from Radiant Security’s connector page
   2. **HTTP Event Collector port**: `443`
   3. **SSL Enabled**: `True`
   4. **Authentication Token**: Paste the **Token** value that you previously copied from Radiant Security’s connector page
   5. **Folder size threshold**: `5 GB`
   6. Leave the **Enable Log forwarding of ADAudit Plus application** **logs** checkbox unselected.
   7. Select the **Yes, I agree that it is compliant** checkbox.
5. Click **Save**.
6. On the right side, click **Choose Categories to forward**.
7. Select all checkboxes except for **AzureAD Logon Reports** and **AzureAD Management Reports**. Those categories can be collected directly from Microsoft Connectors.
8. Click **Save**.