ADAudit Plus
Set up ADAudit Plus to forward security events via HTTPS.
In this guide, you will set up ADAudit Plus to forward security events to Radiant Security's HTTPS connector. The security events are used to identify suspicious activity within the environment related to User Logon Activity, Account Management and Policy Changes.
Prerequisites
Add the data connector in Radiant Security
Log in to Radiant Security.
From the navigation menu, select Settings > Data Connectors and click + Add Connector.
Search for and select the ADAudit Plus Webhook option and then click Data Feeds.
Under Select your data feeds, select ADAudit Plus Webhook and click Credentials.
Under Credential Name, give the credential an identifiable name (e.g. ADAudit Plus Integration), then click Credentials.
Under Required Credentials, enter a value for the Connector Tag. This can be any string you want.
Click Add Connector to save the changes.
Copy and save the connector Token and Webhook URL values. You will need those to complete the configuration.
Click Done to save your changes.
Configure ADAudit Plus to forward events via HTTPS
On the ADAudit Control Panel:
Click the Admin tab.
On the side panel, select Configuration and SIEM Integration.
Select the Enable forwarding of ADAuditPlus Data checkbox.
Click the Splunk HTTP tab and fill in the following details:
Splunk Server: Paste the Webhook URL value that you previously copied from Radiant Security’s connector page.
HTTP Event Collector port: 443
SSL Enabled: True
Authentication Token: Paste the Token value that you previously copied from Radiant Security’s connector page.
Folder size threshold: 5 GB
Leave the Enable Log forwarding of ADAudit Plus application logs checkbox unselected.
Select the Yes, I agree that it is compliant checkbox.
Click Save.
On the right side, click Choose Categories to forward.
Select all checkboxes except for AzureAD Logon Reports and AzureAD Management Reports. Those categories can be collected directly from Microsoft Connectors.
Click Save.