FortiSIEM Discussions
adem_netsys
Contributor

FortiSIEM Active Directory

Hi guys,

 

I have a Windows machine from which I would like Active Directory logs to be retrieved as well. The Windows agent will be installed here. Is the agent enough for this, or should I use WMI, as I see in the documentation?

 

https://docs.fortinet.com/document/fortisiem/7.2.3/external-systems-configuration-guide/433317/micro...

 

Thank you

3 REPLIES
premchanderr
Staff

Hi @adem_netsys ,

 

The document below lists all the logs that the agent can send to the SIEM:

https://help.fortinet.com/fsiem/7-2-4/Online-Help/HTML5_Help/Configuring_Windows_Agent.htm

 

If you are looking for logs related to Active Directory, then you have to discover via the LDAP protocol:

https://docs.fortinet.com/document/fortisiem/7.2.4/external-systems-configuration-guide/433317/micro...

Regards,
Prem Chander R
adem_netsys

Hi @premchanderr 

 

Thanks for the answer. Here we can already get the security logs that occur in AD with the agent. Is there any situation that affects the logs other than pulling users with LDAP?

premchanderr

Hi Adam,

 

Normally everything should work uninterruptedly. 


This depends on anything unusual on the Windows or FortiSIEM super/collector end. Monitor FortiSIEM status via GUI Health, and Windows by its utilization. Also ensure network connectivity is stable and antivirus doesn't hinder agent communication.

Regards,
Prem Chander R