Splunk announced the Splunk App for Active Directory, which helps organizations avoid service outages and provides proactive management and compliance reporting for Active Directory, all from one place.
Enterprise organizations understand that Microsoft Windows Server Active Directory is the foundation of an IT infrastructure. It is the central location for user configuration information, authentication requests, and information about all the computers that run the business.
When issues occur in Active Directory, the impact is felt across the business: users are unable to log in, access privileges expire, email stops flowing, and systems stall. The Splunk App for Active Directory is a proactive solution that uncovers the data needed to diagnose the issue, fix its root cause, and restore service.
With this app users can:
- Monitor the Active Directory Forest for potential security breaches and non-compliant usage patterns.
- Audit changes to group policies, user, group, and computer objects in real time.
- View detailed topology statistics on all the objects within the Active Directory – top down from the Forest to individual user and computer accounts.
- Assess the operational health of Active Directory across site and domain boundaries.
The Splunk App for Active Directory is a solution designed to meet the challenge of multiple requirements across the enterprise. It can be leveraged in many ways – from supporting help desk operations and CIO SLA commitments, to assisting the security team in protecting the infrastructure.
Access to data can be limited based on your organization’s privacy policies and restricted based on personally identifiable information (PII).
Administrator: Access to real-time information about the Active Directory Forest for proactive management.
Helpdesk: Troubleshoot login problems with access to domain controller status information.
HR Team: Access to information to monitor usage patterns in accordance with corporate guidelines.
Security team: Monitor changes to users and groups. Track unauthorized access attempts from locked or disabled accounts.
CIO: Monitor information about the status of the Active Directory Forest and whether SLAs are being met.
User: Access to information about domain status.