2022-01-16T12:44:00Z

Are you aware of SIEM platforms that integrate both Active Directory auditing and security monitoring tools?


Hi, community!

Usually, when professionals administer the network, they use an Active Directory tool and a cybersecurity solution (e.g., EPP, anti-virus, or SIEM) separately.

Are you aware of SIEM platforms that integrate these tools?


Avraham Sonenthal - PeerSpot reviewer
Top 5 | Leaderboard | Real User

I agree with the users who mentioned Splunk. Splunk is a log message management platform, and they have an application called Splunk Enterprise Security. It can ingest AD, anti-virus, door control systems, VPN gateways, etc. via the log messages they generate, and has logic to correlate events (i.e., log messages). I am sure there are other products, but Splunk is what I am familiar with.

2022-01-19T14:02:08Z
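As an added example (not from any answer in this thread) of the cross-source correlation a SIEM applies once AD audit logs and anti-virus alerts are both ingested: the events below are constructed and already normalised to one schema, and the field names, thresholds and rules are assumptions.

```python
"""Correlate Active Directory audit events with endpoint-protection alerts.

Hypothetical correlation logic of the kind a SIEM runs after ingest. The
sample events are constructed; a real SIEM maps Windows Security Event IDs
(4625 = failed logon, 4624 = logon) and the anti-virus product's own alert
format onto a common schema like this one at ingest time.
"""
from collections import defaultdict
from datetime import datetime, timedelta

EVENTS = [  # constructed sample data: one account brute-forced, then malware on its host
    {"ts": "2022-01-17T09:00:01", "src": "ad", "action": "logon_failed", "user": "jdoe", "host": "WS01"},
    {"ts": "2022-01-17T09:00:05", "src": "ad", "action": "logon_failed", "user": "jdoe", "host": "WS01"},
    {"ts": "2022-01-17T09:00:09", "src": "ad", "action": "logon_failed", "user": "jdoe", "host": "WS01"},
    {"ts": "2022-01-17T09:00:12", "src": "ad", "action": "logon_failed", "user": "jdoe", "host": "WS01"},
    {"ts": "2022-01-17T09:00:14", "src": "ad", "action": "logon_failed", "user": "jdoe", "host": "WS01"},
    {"ts": "2022-01-17T09:00:20", "src": "ad", "action": "logon_success", "user": "jdoe", "host": "WS01"},
    {"ts": "2022-01-17T09:03:00", "src": "epp", "action": "malware_detected", "user": "jdoe", "host": "WS01"},
    {"ts": "2022-01-17T10:15:00", "src": "ad", "action": "logon_failed", "user": "asmith", "host": "WS07"},
    {"ts": "2022-01-17T10:16:00", "src": "ad", "action": "logon_success", "user": "asmith", "host": "WS07"},
]


def parse(ev):
    """Convert the ISO timestamp string into a datetime for window arithmetic."""
    return dict(ev, ts=datetime.fromisoformat(ev["ts"]))


def correlate(events, fail_threshold=5, window=timedelta(minutes=5)):
    """Return alerts that only become visible when both log sources are present.

    Rule 1: >= fail_threshold failed logons for one account followed by a
            success within `window` (a brute-force attempt that succeeded).
    Rule 2: an EPP detection on a host within `window` after a successful
            logon there, attributed to the AD account active on that host.
    """
    evs = sorted((parse(e) for e in events), key=lambda e: e["ts"])
    fails = defaultdict(list)    # user -> timestamps of failed logons
    logons = defaultdict(list)   # host -> (ts, user) of successful logons
    alerts = []
    for e in evs:
        if e["action"] == "logon_failed":
            fails[e["user"]].append(e["ts"])
        elif e["action"] == "logon_success":
            recent = [t for t in fails[e["user"]] if e["ts"] - t <= window]
            if len(recent) >= fail_threshold:
                alerts.append(("brute_force_success", e["user"], e["host"]))
            logons[e["host"]].append((e["ts"], e["user"]))
        elif e["action"] == "malware_detected":
            for t, user in logons[e["host"]]:
                if e["ts"] - t <= window:
                    alerts.append(("malware_after_logon", user, e["host"]))
    return alerts
```

Neither rule fires on the AD log or the EPP log alone; the account with a single failed logon (asmith) produces no alert.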
Robert Cheruiyot - PeerSpot reviewer
Top 5 | Real User

Hi @Giusel,

With the rise in insider threats, the idea of UEBA is becoming a must-have component in SOC.

This makes it necessary to have AD users or users from any other source to be available for monitoring in SIEM platforms. RSA NWP does this and definitely many other platforms.

Also, it depends on what you want to achieve:

- You can integrate many SIEM platforms with AD so that users can authenticate into SIEM using credentials from AD (external source).

- To monitor the behavior of AD users in order to identify malicious activity.

Thanks

2022-01-19T13:01:44Z
Norman Freitag - PeerSpot reviewer
Top 5 | MSSP

Hi @Giusel,

I agree with Shibu: Splunk is probably the best fit (or single point of truth) you can get on the market. With Splunk as a platform, it's natural to push forward to SOC and SOAR.

Don't forget to use the ingested data for several additional use cases in ITOps and other purposes to improve the ROI of the investment in Splunk.

Recently, we combined Tanium and Splunk as the best suite approach; it's very promising for bigger companies or if you go for an MSSP.

At one customer we connected several Point of Sale systems in an ITOps use case, and several additional use cases for sales and marketing dropped out.

Hope this helps a little.

Best Regards,

Norman

2022-01-18T09:12:46Z
Manoj Gautam - PeerSpot reviewer
Top 5 | User

A SIEM platform is an intelligent platform that collects all the events from a given source. But generally, admins only integrate security events with SIEM tools.

All the infra tools and equipment can integrate with the SIEM platform. The most important bit is that when the events get captured, the logger should be capable of translating these events into a human-readable format.

Here are some of the SIEM platforms:

ArcSight, Splunk, IBM QRadar, LogRhythm, ELK, etc.

2022-01-20T05:19:14Z
reviewer1344861 - PeerSpot reviewer
Top 20 | Real User

Hi @Giusel,

I have been looking into the same thing. I am taking a very close look at Sentinel. It really comes down to what you are running. If you are running Azure AD with Azure Cloud and Defender for the enterprise, the integrations within Sentinel would be unmatched.

2022-01-18T19:39:22Z
Shibu Babuchandran - PeerSpot reviewer
Expert | Moderator | Real User

Hi @Giusel,

There are many tools that can integrate with SIEM platforms. With our SIEM team, we have integrated AD and security monitoring tools with Splunk & Securonix.

To get further information, can you share which security monitoring tools you are using and plan to integrate?

2022-01-17T03:50:46Z