Welcome to the SGBox Active Directory Engine! This tool is designed to continuously monitor the status of your Active Directory domains, assess their relative risk and warn when defined KPI thresholds are exceeded. The module can also generate custom user lists that the SGBox Log Correlation Engine and/or query system can later use to detect anomalous user behavior.
1 Requirements
The ADE module uses standard Microsoft protocols to communicate with Active Directory. Depending on the type of installation, the module gathers Active Directory data either directly or through an SGBox Collector.
Firewall policy changes
Because the module uses standard LDAP queries to access Active Directory data, ports 389 (LDAP) and/or 636 (LDAPS) must be open on your target Domain Controllers for monitoring.
No firewall changes are needed if your SGBox instance or collector is on the same network as the Active Directory domains you want to monitor. Otherwise, configure your firewall to allow traffic on ports 389 (LDAP) and/or 636 (LDAPS) between the Domain Controllers you wish to monitor and the SGBox instance or collector.
Service user
The module configuration also requires an Active Directory service account for each domain you want to monitor. These accounts need no special permissions: a plain domain member with a password set to never expire is enough.
For greater security, it is strongly recommended that this user be denied permission to log on to a Remote Desktop Session Host. Set this option in the Remote Desktop Services Profile tab of the user's Properties panel in Active Directory.
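The following PowerShell script is an added example, not part of the SGBox product or its documentation. It ties the two requirements above together as a pre-flight check: it confirms that ports 389 and 636 are reachable on each Domain Controller, then creates the monitoring service account as a plain domain member with a non-expiring password and denies it Remote Desktop logon. It assumes the ActiveDirectory RSAT module is installed and that it runs as a domain administrator on a domain-joined Windows host; the DC names, OU path and account name are placeholders to replace with your own values.

```powershell
# Added example (not SGBox's own tooling): pre-flight checks and service-account
# setup for the Active Directory Engine module.
# Assumptions: ActiveDirectory RSAT module installed, run as a domain admin on a
# domain-joined host. DC list, OU and account name are placeholders.

$DomainControllers = @('dc01.corp.example', 'dc02.corp.example')   # placeholder DCs
$ServiceAccount    = 'svc-sgbox-ade'                               # placeholder name
$TargetOU          = 'OU=Service Accounts,DC=corp,DC=example'       # placeholder OU

# 1. Confirm LDAP (389) and LDAPS (636) are reachable on every Domain Controller.
#    Run this from the network segment where the SGBox instance or collector sits;
#    a "reachable=False" line means the firewall policy described above is missing.
foreach ($dc in $DomainControllers) {
    foreach ($port in 389, 636) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        '{0}:{1} reachable={2}' -f $dc, $port, $r.TcpTestSucceeded
    }
}

# 2. Create the service account: plain domain member (default Domain Users only),
#    password never expires, user cannot change it. No extra group membership.
Import-Module ActiveDirectory
$password = Read-Host -AsSecureString -Prompt "Password for $ServiceAccount"
New-ADUser -Name $ServiceAccount -SamAccountName $ServiceAccount `
    -Path $TargetOU -AccountPassword $password -Enabled $true `
    -PasswordNeverExpires $true -CannotChangePassword $true `
    -Description 'SGBox ADE read-only monitoring account'

# 3. Deny Remote Desktop logon. This is the "Deny this user permissions to log on
#    to Remote Desktop Session Host server" checkbox on the Remote Desktop Services
#    Profile tab. It is not exposed as a New-ADUser parameter, so it is set through
#    the ADSI terminal-services extension (IADsTSUserEx.AllowLogon).
$dn   = (Get-ADUser -Identity $ServiceAccount).DistinguishedName
$user = [ADSI]"LDAP://$dn"
$user.psbase.InvokeSet('AllowLogon', 0)
$user.SetInfo()

# 4. Verify the result before handing the credentials to the ADE configuration.
Get-ADUser -Identity $ServiceAccount -Properties PasswordNeverExpires, MemberOf |
    Select-Object SamAccountName, Enabled, PasswordNeverExpires, MemberOf
'RDP logon allowed (0 = denied): {0}' -f ([ADSI]"LDAP://$dn").psbase.InvokeGet('AllowLogon')
```

Because the account's password never expires, treat it like any other long-lived credential: keep it out of privileged groups, store the password in your secrets manager rather than in scripts, and include the account in the same anomalous-logon monitoring the module itself provides.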
2 Main index
Please refer to the following chapters to learn how to configure and use the Active Directory Engine module.