adem_netsys
Explorer III
November 8, 2024
Question

FortiSIEM Active Directory


Hi guys,

 

I have a Windows machine from which I would like Active Directory logs to be retrieved as well. The Windows agent will be installed here. Is the agent enough for this, or should I use WMI, as I see from the documentation?

 

https://docs.fortinet.com/document/fortisiem/7.2.3/external-systems-configuration-guide/433317/microsoft-active-directory#Configu

 

Thank you

    1 reply

    premchanderr
    Staff & Editor
    November 11, 2024

    Hi @adem_netsys ,

     

    The document below lists all the logs that the agent can send to the SIEM:

    https://help.fortinet.com/fsiem/7-2-4/Online-Help/HTML5_Help/Configuring_Windows_Agent.htm

     

    If you are looking for logs related to Active Directory, then you have to discover via the LDAP protocol:

    https://docs.fortinet.com/document/fortisiem/7.2.4/external-systems-configuration-guide/433317/microsoft-active-directory

    adem_netsys
    Explorer III
    November 11, 2024

    Hi @premchanderr 

     

    Thanks for the answer. Here we can already get the security logs that occur in AD with the agent. Is there any situation that affects the logs other than pulling users with LDAP?

    premchanderr
    Staff & Editor
    November 14, 2024

    Hi Adam,

     

    Normally everything should work uninterruptedly. 


    This depends on anything unusual on the Windows or FortiSIEM super/collector end. Monitor FortiSIEM status via GUI Health and Windows by its utilization. Also ensure network connectivity is stable and antivirus doesn't hinder agent communication.