How to collect data on Active Directory

In this page we describe how to collect events from Windows Active Directory data source.

You must be logged in to the CYBERQUEST Web Interface with a user with administrative rights.

Navigate to "Settings > Management > Data Source Manager".

Alt text

This page contains all the data sources added in the CYBERQUEST application.

Alt text

To add a new data source, press Alt text button and complete the following form:

DataSource Type: Select "Applications / Active Directory Information (LogName: ActiveDirectoryInformation)" data source;

DataSource Information: This field is filled in automatically with data source information;

Query Interval: At what time interval is the WMI(Windows Management Instrumentation) query executed. By default is set to run every 60 seconds;

Credentials to use: Add appropriate credentials from a drop-down list;

Tag: This field is filled in automatically, but you can change the information;

Administrative Notes: You can complete with information about the added data source;

Annonymize Fields: You can select certain information to be anonymized. You can select one or more options;

Computer: Complete IP of this data source;

Complete the form and press Alt text button to save changes, or button to close the window without saving.

The next step is to assign the CYBERQUEST agent to this data source. Press the drop-down list and choose the agent.

Alt text

To edit the data sources information, press "Edit" button Alt text . This process is almost identical to adding data sources.

Bulk Clone Alt Image : Clone the current data source settings for each element of the field “Bulk Clone”.

Clone Alt Image : Clone the data source.

You can also delete the data source by pressing "Delete" button. To delete data source you must remove Agent from data source.