How to collect data on Active Directory
This page describes how to collect events from a Windows Active Directory data source.
Navigate to Settings
You must be logged in to the CYBERQUEST Web Interface as a user with administrative rights.
Navigate to "Settings > Management > Data Source Manager".
Data Source Manager window
This page contains all the data sources added in the CYBERQUEST application.
Add data source
To add a new data source, press button and complete the following form:
DataSource Type: Select "Applications / Active Directory Information (LogName: ActiveDirectoryInformation)" data source;
DataSource Information: This field is filled in automatically with data source information;
Query Interval: The interval at which the WMI (Windows Management Instrumentation) query is executed. By default, it is set to run every 60 seconds;
Credentials to use: Add the appropriate credentials from the drop-down list;
Tag: This field is filled in automatically, but you can change the information;
Administrative Notes: You can enter information about the added data source;
Anonymize Fields: You can select certain information to be anonymized. You can select one or more options;
Computer: Enter the IP address of this data source.
Complete the form and press button to save changes, or button to close the window without saving.
Assign the CYBERQUEST agent
The next step is to assign the CYBERQUEST agent to this data source. Press the drop-down list and choose the agent.
Actions menu
To edit a data source's information, press the "Edit" button. This process is almost identical to adding a data source.
Bulk Clone: Clone the current data source settings for each element in the “Bulk Clone” field.
Clone: Clone the data source.
You can also delete the data source by pressing the "Delete" button. To delete a data source, you must first remove the agent from it.