When you configure your ManageEngine ADAudit Plus to send log data to USM Appliance, you can use the ADAudit Plus plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.

Plugin Information

Device	Details
Vendor	ManageEngine
Device Type	Management Platform
Connection Type	Syslog
Data Source Name	ADAuditplus
Data Source ID	1781

Integrating ManageEngine ADAudit Plus

Before you configure the ManageEngine ADAudit Plus integration, you must have the IP Address of the USM Appliance Sensor.

To configure ManageEngine ADAudit Plus to send Syslog messages to USM Appliance

1. From the ADAudit Plus user interface, click on the Admin tab and then select SIEM Integration.
2. Select the Enable checkbox and choose the Syslog radio button.
3. Enter your USM Appliance IP address in the Syslog server field.
4. Enter the Syslog port number 514 and protocol.
5. Choose the Syslog standard and data format as required by your SIEM parser.
6. Save the configuration; then choose the categories of messages to forward to USM Appliance.

   

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://www.manageengine.com/products/active-directory-audit/help/getting-started/siem-integration.html

For troubleshooting, refer to the vendor documentation:

https://www.manageengine.com/products/active-directory-audit/help/troubleshooting/troubleshooting.html