Highlighted
anwer.alg Frequent Contributor.
Frequent Contributor.
463 views

Windows AD Actor Import Connector

Jump to solution

Hi All,

I was wondering if the active directory actor import model connector supports Windows active Directory 2012?

Labels (3)
0 Likes
1 Solution

Accepted Solutions
stefan.oancea Outstanding Contributor.
Outstanding Contributor.

Re: Windows AD Actor Import Connector

Jump to solution

Hello Anwer,

About one year ago I installed Actor Model Import Connector version 7.0.7.7288 for Linux 64 bit Operating System and was able to gather users from Active Directory 2012 Infrastructure.

So yes, I say it should work.

All the best,

Stefan

0 Likes
3 Replies
stefan.oancea Outstanding Contributor.
Outstanding Contributor.

Re: Windows AD Actor Import Connector

Jump to solution

Hello Anwer,

About one year ago I installed Actor Model Import Connector version 7.0.7.7288 for Linux 64 bit Operating System and was able to gather users from Active Directory 2012 Infrastructure.

So yes, I say it should work.

All the best,

Stefan

0 Likes
anwer.alg Frequent Contributor.
Frequent Contributor.

Re: Windows AD Actor Import Connector

Jump to solution

Stefan,

Again I couldn't thank you enough for your help,

What would you say is the main advantage of using this connector in our SIEM solution.

0 Likes
stefan.oancea Outstanding Contributor.
Outstanding Contributor.

Re: Windows AD Actor Import Connector

Jump to solution

Hello Anwer,

This depends on whether or not you want to use the Actor feature, and what scenarios/use cases you want to develop. First thing you should do is of course check if you have the Actor feature enabled.

In the past, this connector was used together with the Identity View package, which as far as I know was taken out. The Identity and User Behavior related features are now covered by the UBA solution. Also, last time I checked the Identity View package had most of the Use Cases implemented for Windows 2003 Infrastructures, but by default it was lacking some of them for Windows 2008. So you had to fine tune that yourself, and of course for Windows 2012.

That being said, if you have the Actor feature enabled you can still benefit from this connector without necessarily having the Identity View package. For example, you could create Use Cases for specific monitoring of Enterprise Admin accounts. With the Actor Model Import Connector you could automatically update information about the Enterprise Admin accounts in your infrastructure without having to manually update static Active Lists for example.

There are many ideas you could implement around the idea of having Actor information brought into your SIEM, you just need to identify the relevant ones for your environment. The most useful for me I found was that from a Windows log including a user-name, I could go to the Actor information and find out what AD group that user was part of, and depending on the group take decisions according to that. Of course, with some more development you could even implement some of the old Identity View Use Cases yourself; but nowadays I would personally go for a dedicated UBA solution.

All the best,

Stefan

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.