You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>DeploymentGuide>PluginManagement>ConfigureLogForwardingOnCommonlyUsedDataSources>ManageEngineADAuditPlus (23 Jun 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next

Sheriff CSMâ„¢

ManageEngine ADAudit Plus

When you configure ManageEngine ADAudit Plus to send log data to Sheriff CSM, you can use the ADAudit Plus plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information
DeviceDetails
Vendor ManageEngine
Device Type Management Platform
Connection Type Syslog
Data Source Name ADAuditplus
Data Source ID 1781

Integrating ManageEngine ADAudit Plus

Before you configure the ManageEngine ADAudit Plus integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure ManageEngine ADAudit Plus to send Syslog messages to Sheriff CSM
  1. From the ADAudit Plus user interface, click on the Admin tab and then select SIEM Integration.

  2. Select the Enable checkbox and choose the Syslog radio button.

  3. Enter your Sheriff CSM IP address in the Syslog server field.

  4. Enter the Syslog port number 514 and protocol.

  5. Choose the Syslog standard and data format as required by your SIEM parser.

  6. Save the configuration; then choose the categories of messages to forward to Sheriff CSM.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://www.manageengine.com/products/active-directory-audit/help/getting-started/siem-integration.html

For troubleshooting, refer to the vendor documentation:

https://www.manageengine.com/products/active-directory-audit/help/troubleshooting/troubleshooting.html
Edit  | Attach | Print version | History: r7 < r6 < r5 < r4 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r7 - 23 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.