RSA Security Analytics Integration With MS Active Directory
i have an issue with RSA Security Analytics integration with AD, we have been able to setup the connector on the AD and verified the credential on RSA Analytics GUI, but for some reasons we are not getting any logs on the GUI.
Any pointers in resolving this issue will be very much apprecaiated.
- Community Thread
- Forum Thread
- RSA NetWitness
- RSA NetWitness Platform
Thanks Sean, it is actually collection of logs from AD into RSA Analytics. I have followed the steps for the integration and its syncing very well but the logs are not showing up on RSA Analytics.
I'm getting out my popcorn to watch this thread.
What version of SA are you running?
I ask b/c we've seen some funny behavior in getting the AD integration to work well, without using the legacy windows log collector.
The collection is supposed to work with WinRM on the windows server/machine. I would first make sure that all of the sadocs guide has been followed for the WinRM configuration. Pay close attention to with the http vs. https settings of WinRM.
Have you turned on debugging? When we did our testing with WinRM we found that the security logs were not initially coming in. This turned out to happen because the Windows admin helping me forgot to add the channel access code to the GPO. Once that came through it was working great.