# ADAudit Plus

In this guide, you will set up ADAudit Plus to forward security events to Radiant Security's HTTPS connector. The security events are used to identify suspicious activity within the environment related to User Logon Activity, Account Management and Policy Changes.

### Prerequisites

* [ ] Admin access to ADAudit Plus Control Panel

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **ADAudit Plus Webhook** option and then click **Data Feeds.**
4. Under **Select your data feeds**, select **ADAudit Plus Webhook** and click **Credentials**.
5. Under **Credential Name**, give the credential an identifiable name (e.g. `ADAudit Plus Integration`) then, click **Credentials**.
6. Under **Required** **Credentials**, enter a value for the **Connector** **Tag**. This can be any string you want.
7. Click **Add Connector** to save the changes.
8. Copy and save the connector **Token** and **Webhook URL** values. You will need those to complete the configuration.
9. Click **Done** to save your changes.

### Configure ADAudit Plus to forward events via HTTPS

On the ADAudit Control Panel:

1. Click the **Admin** tab.
2. On the side panel, select **Configuration** and **SIEM Integration.**
3. Select the **Enable forwarding of ADAuditPlus Data** checkbox.
4. Click the **Splunk HTTP** tab and fill in the following details:
   1. **Splunk Server**: Paste the **Webhook URL** value that you previously copied from Radiant Security’s connector page
   2. **HTTP Event Collector port**: `443`
   3. **SSL Enabled**: `True`
   4. **Authentication Token**: Paste the **Token** value that you previously copied from Radiant Security’s connector page
   5. **Folder size threshold**: `5 GB`
   6. Leave the **Enable Log forwarding of ADAudit Plus application** **logs** checkbox unselected.
   7. Select the **Yes, I agree that it is compliant** checkbox.
5. Click **Save**.
6. On the right side, click **Choose Categories to forward**.
7. Select all checkboxes except for **AzureAD Logon Reports** and **AzureAD Management Reports**. Those categories can be collected directly from Microsoft Connectors.
8. Click **Save**.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/adaudit-plus.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.