So I just started evaluating utmstack yesterday, and so far my experience has been less than stellar. One particular case in point is AD Audit. When I go to the openstack web UI and go to extensions -> AD Audit, the instructions which are provided are for installing AD Certificate Services as a new root CA. The only hint as to WHY we would be doing this is the heading "LDAPS on windows server". Then it shows running a dsquery command, with no explanation as to why. The only step that has anything to do with utmstack is the instruction "Enter AD Auditor connection info." Great, I'd love to do that, but this is not an instruction which is helpful to anyone. I hit the "add tenant" button (though it was not mentioned anywhere in the above instructions, nor in any documentation I could find), and put in a DC name, user, password, and search base. But, when I hit "Enable Integration" I get this:
Windows events verification
Windows events are not being logged
Active Directory index verification
Active Directory index not found
with absolutely no info as to how I would go about creating such an index, nor what is meant by "Windows events are not being logged." I have an agent on the DC, and it has checked in enough to be listed in "sources." It would make more sense IMHO to have the instructions simply state "you must have LDAPS enabled on your DC, here is a link to Microsoft on how to do it". Maybe then you would have room on this page to include some actual instructions.
0 Votes
Ricardo Valdes posted 4 months ago Admin Best Answer
Hi Duane,
I confirmed with our engineering team that this guide needs some work. We'll make some changes to make it easier to understand.
When you run the command: "dsquery user -name {known username}" it will give you an output similar to this (example): "CN=John.Smith,CN=Users,DC=MyDomain,DC=com".
Your "User Distinguished Name" would be the complete output result "CN=John.Smith,CN=Users,DC=MyDomain,DC=com".
Your "Search Base" would be "DC=MyDomain,DC=com".
Your hostname would be your server IP or hostname.
Your password would be the one that belongs to the account used in your query "dsquery user -name {known username}".
0 Votes
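The mapping described in the answer above, from one line of dsquery output to the "User Distinguished Name" and "Search Base" fields, as an added example that is not part of the original thread or UTMStack's own code. The function names are hypothetical, the sample DNs are the answer's example plus one constructed value, and it goes slightly beyond the answer by handling a DN whose CN contains an escaped comma.

```python
def split_rdns(dn: str) -> list[str]:
    """Split a DN into its components on unescaped commas only."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair, e.g. "\," intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    return rdns


def connection_fields(dsquery_line: str) -> dict:
    """Derive the two DN-based form fields from one line of dsquery output."""
    dn = dsquery_line.strip()
    # Drop surrounding double quotes if the line was copied with them.
    if len(dn) >= 2 and dn[0] == dn[-1] == '"':
        dn = dn[1:-1]
    rdns = split_rdns(dn)
    if any("=" not in rdn for rdn in rdns):
        raise ValueError(f"not a distinguished name: {dsquery_line!r}")
    # Search base = trailing run of DC= components, as in the answer's example.
    dcs = []
    for rdn in reversed(rdns):
        if not rdn.upper().startswith("DC="):
            break
        dcs.insert(0, rdn)
    if not dcs or len(dcs) == len(rdns):
        raise ValueError("expected a user DN that ends in DC= components")
    return {"user_dn": dn, "search_base": ",".join(dcs)}


if __name__ == "__main__":
    # First DN is the example from the answer; second is constructed.
    for line in ('"CN=John.Smith,CN=Users,DC=MyDomain,DC=com"',
                 r'"CN=Smith\, John,OU=Staff,DC=corp,DC=example,DC=com"'):
        print(connection_fields(line))
```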
2 Comments
Jason Hall posted 5 months ago
In data sources, for events next to your DC does it say HIDS, wineventlog or does it just say HIDS?
I was having the same issue and mine was only showing HIDS. I had to do a couple of things to get it to work.
1.) I installed an earlier version of the Windows Agent.
2.) I manually added the data parsing filter for windows-events.
To manually add the windows-events filter I logged into the https://demo.utmstack.com/ site, went to data parsing and copied it from there.
After that all my Windows clients were showing wineventlog and I could enable AD Auditing and File Integrity Monitoring.
0 Votes