Open safiuddinr opened 3 months ago
This dashboard will be made of specific Active Directory policies and their subcategories, such as:
Account logon (Audit credentials validation, Audit Kerberos authentication services, Audit other accounts log events & Audit Kerberos services ticket operations)
Privilege use (Audit non sensitive privilege use events, Audit other privilege use events, Audit sensitive privilege use)
Detailed tracking (Audit process creation, Audit process termination, Audit RPC events)
Logon/logoff (Audit account lockout, Audit logoff, Audit logon, Audit Network Policy Server, Audit special logon, Audit group member, Audit another logon/logoff)
The idea will be to have a section on the dashboard for each of the categories/subcategories listed above.
The first step of this project will be to trigger the AD logs of each of those categories/subcategories.
The second step will be to view the logs in the Event Viewer within the domain controller (DC1).
The third step will be to identify those logs and their event ID numbers in Kibana.
The fourth step, which is the last, will be to create dashboards from those logs.
Working on two Active Directory (AD) dashboards for the end-of-July release.
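
Before the first step can produce anything, the listed subcategories have to be audited on DC1. The script below is an added example, not part of the original issue or the project's code: it reads the effective audit policy with `auditpol` and reports which subcategories are not yet logging. It assumes an elevated PowerShell session on an English-language domain controller, and the subcategory names are the Windows `auditpol` names assumed to correspond to the issue's list.

```powershell
# Added example: audit-policy coverage check for the dashboard's four sections.
# Assumption: the names below are the auditpol names matching the issue's list.
$wanted = [ordered]@{
    'Account Logon'     = 'Credential Validation', 'Kerberos Authentication Service',
                          'Other Account Logon Events', 'Kerberos Service Ticket Operations'
    'Privilege Use'     = 'Non Sensitive Privilege Use', 'Other Privilege Use Events',
                          'Sensitive Privilege Use'
    'Detailed Tracking' = 'Process Creation', 'Process Termination', 'RPC Events'
    'Logon/Logoff'      = 'Account Lockout', 'Logoff', 'Logon', 'Network Policy Server',
                          'Special Logon', 'Group Membership', 'Other Logon/Logoff Events'
}

# auditpol /r emits CSV; drop blank lines before parsing.
$current = auditpol /get /category:* /r |
    Where-Object { $_.Trim() } |
    ConvertFrom-Csv

# One row per wanted subcategory with its effective setting.
$report = foreach ($category in $wanted.Keys) {
    foreach ($name in $wanted[$category]) {
        $row = $current | Where-Object { $_.Subcategory -eq $name }
        [pscustomobject]@{
            Category    = $category
            Subcategory = $name
            Setting     = if ($row) { $row.'Inclusion Setting' } else { 'not found' }
        }
    }
}
$report | Format-Table -AutoSize

# Subcategories that are not auditing both success and failure.
$gaps = $report | Where-Object { $_.Setting -ne 'Success and Failure' }
foreach ($gap in $gaps) {
    # Printed for review rather than executed.
    'auditpol /set /subcategory:"{0}" /success:enable /failure:enable' -f $gap.Subcategory
}
```

On a domain controller, an Advanced Audit Policy delivered by Group Policy overwrites local `auditpol` changes at the next refresh, so lasting changes belong in the GPO that applies to DC1.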