ManageEngine ADAudit Plus architecture

ManageEngine ADAudit Plus is an IT security and compliance solution. With over 200 event-specific reports and real-time email alerts, it provides in-depth knowledge about changes made to both the content and configuration of Active Directory, Azure AD and Windows servers. It also provides thorough access intelligence for workstations and file servers (including NetApp and EMC).

1. Modules that ADAudit Plus has to offer

1.1 Event processing engine

All events that are fetched from the network are processed here before they are stored in the database or a corresponding alert is triggered. The engine filters out logs that are not needed, as configured by the administrator, and normalizes raw logs to standard formats.

1.2 Alerts engine

Sends out email or SMS notifications based on the configured alert profiles.

1.3 Audit Database

Stores raw and normalized log information from configured devices across your network. ADAudit Plus comes bundled with a PostgreSQL database; users can also choose to use Microsoft SQL databases if needed.

1.4 DataEngine

Stores and retrieves large volumes of data faster than the database, and is more scalable.

1.5 Analytics engine

Collects information and models a baseline of normal activities to define dynamic thresholds. When an anomaly is detected, an alert is triggered.
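An added illustration of the baseline-and-dynamic-threshold idea described above; it is not ADAudit Plus code, and the page does not say which model the product uses. It assumes a median/MAD baseline over constructed hourly failed-logon counts; the account names, `k` and `floor` are hypothetical.

```python
from statistics import median

# Constructed sample: failed-logon counts per hour for each account over a
# baseline window (not real ADAudit Plus data).
BASELINE = {
    "alice": [0, 1, 0, 2, 1, 0, 1, 1, 0, 2, 1, 0],
    "svc-backup": [12, 15, 11, 14, 13, 12, 16, 13, 12, 14, 15, 13],
}

def dynamic_threshold(history, k=4.0, floor=3):
    """Return median + k * scaled MAD, never below `floor`.

    Median/MAD are used instead of mean/stddev so that a past burst inside
    the baseline window does not inflate the threshold.
    """
    if not history:
        return floor  # no baseline yet: fall back to the static floor
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 scales MAD so it is comparable with a standard deviation.
    return max(floor, med + k * 1.4826 * mad)

def evaluate(observations, baseline=BASELINE):
    """Return (account, count, threshold) for each count above its threshold."""
    alerts = []
    for account, count in observations:
        limit = dynamic_threshold(baseline.get(account, []))
        if count > limit:
            alerts.append((account, count, round(limit, 2)))
    return alerts

if __name__ == "__main__":
    # Constructed observations for the current hour.
    current = [("alice", 9), ("svc-backup", 14), ("svc-backup", 40),
               ("newuser", 2), ("newuser", 5)]
    for account, count, limit in evaluate(current):
        print(f"ALERT {account}: {count} failed logons (threshold {limit})")
```

A single static threshold of 10 would miss the 9 failures for `alice` and raise a false alert on the routine 14 for `svc-backup`; the per-account baseline handles both.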

ADAudit Plus Architecture

2. External interfaces that ADAudit Plus interacts with

2.1 User interface

A web interface that runs in a browser and connects to the web server component of Tomcat, which listens on port number 8081.

2.2 Database interface

ADAudit Plus comes with an in-built PostgreSQL database which listens on port number 33307. The interactions between the product and the database happen using the Java Database Connectivity (JDBC) interfaces. The product also provides support to connect to MSSQL and MySQL databases.

2.3 Active Directory Services Interface (ADSI)

ADAudit Plus interacts with Active Directory through ADSI. ADSI is a set of Component Object Model (COM) interfaces provided by Microsoft to access the features of the directory services.

2.4 Windows Event log

ADAudit Plus uses the Windows Eventlog API to query event logs from Windows Servers and workstations.

2.5 SIEM forwarding

ADAudit Plus can forward all events to a SIEM solution of your choice. Currently, the tool offers out-of-the-box support for Splunk, ArcSight (CEF) and syslog standards.

2.6 Email/SMS

ADAudit Plus can send critical alerts to users via email or SMS. An SMTP server configuration is used for sending emails and an SMS provider configuration is used to send SMSes.
