ManageEngine ADManager Plus
About
ManageEngine ADManager Plus is an enterprise identity governance and administration (IGA) solution that helps administrators handle day-to-day AD management and reporting tasks with ease.
Product Details
Vendor URL: ManageEngine ADManager Plus
Product Type: Windows Misc.
Product Tier: Tier III
Integration Method: Syslog
Parser Details
Log Format: JSON
Expected Normalization Rate: 100%
Data Label: ADMANAGER_PLUS
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
ACTION | security_result.action_details |
Container Name | target.user.product_object_id |
Domain Name | target.domain.name |
host | principal.hostname |
mail | target.email |
primaryGroupID | additional.fields |
pwdLastSet | additional.fields |
sAMAccountName | target.user.userid |
Status | security_result.summary |
Task | metadata.product_event_type |
TechnicianName | principal.user.userid |
Template Name | additional.fields |
User Name | target.user.user_display_name |
userAccountControl | additional.fields |
userPrincipalName | target.hostname |
Product Event Types
Event | UDM Event Classification |
---|---|
Create Bulk Users | USER_CREATION |
Generic | GENERIC_EVENT |
Modify Single User | USER_CHANGE_PERMISSIONS |
Log Sample
{"host":"ABCHOST","time":"Apr 04 14:36:35","message":{"Status":"Successfully created the user.","TechnicianName":"Last, First (Admin)","Task":"Create Bulk Users","mail":"johnsmith@gmail.com","User Name":"Smith\\, John","sAMAccountName":"john-smith","givenName":"John","Object Name":"john-smith","password":"********","ACTION":"User Management","Container Name":"OU=ACTP,OU=LDRUsers,DC=DOMAIN,DC=COM","primaryGroupID":"513","SAM Account Name":"john-smith","sn":"Smith","Primary Group":"CN=Domain Users,CN=Users,DC=DOMAIN,DC=COM","userPrincipalName":"john-smith@DOMAIN.COM","userAccountControl":"512","Domain Name":"DOMAIN.COM","pwdLastSet":"0"},"productName":"ADMP"}
Sample Parsing
additional.fields["primaryGroupID"] = "513"
additional.fields["pwdLastSet"] = "0"
additional.fields["userAccountControl"] = "512"
metadata.event_type = "USER_CREATION"
metadata.log_type = "ADMANAGER_PLUS"
metadata.product_event_type = "Create Bulk Users"
metadata.product_name = "ADManager Plus"
metadata.vendor_name = "ManageEngine"
principal.hostname = "ABCHOST"
principal.user.userid = "Last, First (Admin)"
security_result.action_details = "User Management"
security_result.action = "ALLOW"
security_result.summary = "Successfully created the user."
target.domain.name = "DOMAIN.COM"
target.email = "johnsmith@gmail.com"
target.hostname = "john-smith@DOMAIN.COM"
target.user.product_object_id = "OU=ACTP,OU=LDRUsers,DC=DOMAIN,DC=COM"
target.user.user_display_name = "Smith\\, John"
target.user.userid = "john-smith"