[Tips and Tricks] - How to integrate ADSelfService Plus with your SIEM system in real time?

ADSelfService Plus can be integrated with syslog servers and with SIEM (security information and event management) solutions that support the syslog format, such as Splunk and EventLog Analyzer, so that you can forward audit logs in real time and gain valuable insights into your users’ activities.

This article explains how to integrate ADSelfService Plus with SIEM solutions.

Integrating ADSelfService Plus with Splunk

Steps involved:

The first step of the integration process is to generate an HTTP Event Collector token in Splunk Enterprise:

  • Log in to Splunk as an administrator.
  • Navigate to Settings > Data Inputs > HTTP Event Collector.
  • Click New Token.
  • Specify a name for the token and retain the default values for the other fields.
  • Click Save and the authentication token will be generated.

Once the HTTP Event Collector token is generated:

  • Log in to ADSelfService Plus as default Admin.
  • Navigate to Admin > Product Settings > Integration Settings.
  • Click the Splunk Server tile.
  • Enter the details, including Splunk Server Name, HTTP Event Collector Port Number, and Port Protocol, and specify the HTTP Event Collector Token generated for ADSelfService Plus in Splunk.
  • Click Save.

 

 

Integrating ADSelfService Plus with a Syslog Server

Steps involved:

  • Log in to ADSelfService Plus as default Admin.
  • Navigate to Admin > Product Settings > Integration Settings.
  • Click the Syslog Server tile.
  • Enter the details, including Syslog Server Name, Port Number, and Port Protocol. Also, choose the Syslog Standard and specify the Data Format needed for your SIEM parser.
  • Click Save.
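
To check that the chosen Syslog Standard matches what your SIEM parser expects, the following added example (not part of the original article or the product) classifies received lines as RFC 5424 or RFC 3164. It assumes the Syslog Standard options correspond to those two RFCs; the sample messages, their field names, UDP transport and port 5514 are constructed for illustration.

```python
import re
import socket

# RFC 5424: <PRI>1 TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) \S+ \S+ \S+ "
                     r"(?:-|\[.*?\])(?: (?P<msg>.*))?$", re.S)
# RFC 3164 (BSD): <PRI>Mmm dd hh:mm:ss HOST MSG
RFC3164 = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
                     r"(?P<host>\S+) (?P<msg>.*)$", re.S)
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed samples; the real message body depends on the Data Format you select.
SAMPLE_5424 = ('<134>1 2024-01-05T10:15:30Z adssp01 ADSelfServicePlus - - - '
               'ACTION="Reset Password" USER="jdoe" STATUS="Success"')
SAMPLE_3164 = '<134>Jan  5 10:15:30 adssp01 ADSelfServicePlus: ACTION="Reset Password"'
SAMPLE_RAW = 'ACTION="Reset Password" USER="jdoe"'


def parse_syslog(line):
    """Classify one received line; return its fields, or None if it fits neither standard."""
    line = line.rstrip("\r\n")
    for standard, rx in (("RFC5424", RFC5424), ("RFC3164", RFC3164)):
        m = rx.match(line)
        if m and int(m["pri"]) <= 191:  # PRI = facility * 8 + severity, max 23 * 8 + 7
            pri = int(m["pri"])
            return {"standard": standard, "facility": pri >> 3,
                    "severity": SEVERITY[pri & 7], "timestamp": m["ts"],
                    "host": m["host"], "msg": m["msg"] or ""}
    return None


def listen(host="0.0.0.0", port=5514):
    """UDP test listener (assumed port); run on a test host and point the product at it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        data, peer = sock.recvfrom(65535)
        parsed = parse_syslog(data.decode("utf-8", "replace"))
        print(peer[0], parsed or "UNPARSED: check Syslog Standard and Data Format")


if __name__ == "__main__":
    for sample in (SAMPLE_5424, SAMPLE_3164, SAMPLE_RAW):
        print(parse_syslog(sample))
```

Call `listen()` on a test host to inspect live events before switching the Syslog Server Name to the production SIEM.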

 
