Monitoring security incidents in real time has become a mandatory practice for every enterprise. To that end, many organizations rely on security information and event management (SIEM) solutions to safeguard their network against cyber security attacks.
As a self-service tool, ADSelfService Plus has a lot of critical information about user activity and events relating to security, such as failed password resets, failed user account lockouts, and more. If you already have a SIEM tool (such as Splunk, LogRhythm, or Log360) to analyze security events throughout your network, then integrating that tool with ADSelfService Plus can give you real-time data on what kind of actions end users are performing.
Once you've set up the integration, you can forward the log data generated in ADSelfService Plus right to your SIEM solution for further analysis. From there, you can use your SIEM solution to correlate log data from ADSelfService Plus with other logs in the network, as well as process and analyze ADSelfService Plus' logs to generate reports and trigger alerts for critical security incidents. ADSelfService Plus can also forward these logs in Syslog format to applications such as business intelligence tools.
To learn how to integrate ADSelfService Plus with Splunk or any Syslog server, click here.
The events from ADSelfService Plus can be viewed, searched, grouped into reports, and categorized in your SIEM product based on the following fields:
|ACCESS_MODE||Filter events from ADSelfService Plus based on the mode of access (i.e. web browser, mobile app, or mobile site).|
|ACTION_NAME||Filter log events based on the action performed, such as password reset, account unlock, password change, enrollment, and more.|
|DATE_TIME (or) TIME||Filter log events based on the time of the action.|
|DOMAIN_NAME||Filter log events based on the domain.|
|HOST||Filter log events based on the host name.|
|IP||Filter log events based on the IP address.|
|LOGIN NAME||Filter log events based on the user login name.|
|STATUS||Filter log events based on whether the action performed was a success or failure.|
For example, when a user attempts to unlock their account via the ADSelfService Plus mobile app, ADSelfService Plus records detailed information about the event, including the user's IP address and login name. Here's a sample log:
ACCESS_MODE: Android App
ACTION_NAME: Self Unlock
DATE_TIME: 2017/12/02 04:09 PM
DOMAIN NAME: adssp
LOGIN NAME: anjali.g
STATUS: Cannot unlock the user. The user account is not locked.
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.