Hi,
i'm new in ELK, and i'm looking to get logs from my AD AuditPlus tool ( screenshot attached). How to do I go about it from setting it up , up to creation of dashboard.
Hi Chad,
Welcome to elastic forum.
Do you have your private ELK setup or planning to use Elastic Cloud service?
Hi @tamilsweet,
I'm using a private on-prem.
Hi Guys,
kindly looking for your help 
Looks like not many are familiar with ADAudit Plus integration with Elasticsearch including myself.
You might have to follow trial and error method to get this integration working.
I would just forward the SIEM logs to a Logstash instance and output that to stdout to see if the logs are forwarded properly as expected. I'm not sure about the Protocol, Syslog Standard and Data Format.. so try everything till you get it working.
Next step would be to get the logs pushed from Logstash to Elasticsearch. You can add some grok pattern if you want to parse the logs and store it in different fields.
I'm not sure if you can directly forward those logs to Elasticsearch. Elastic SIEM is added recently and I'm not sure how it works, check it out - https://www.elastic.co/siem
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.