Skip to content

How to collect data on Active Directory Assets Information

This page describes how to collect events from the ActiveDirectoryAssetsInformation data source.

Log in to the CYBERQUEST web interface with an account with administrative rights.

Navigate to Settings > Management > Data Source Manager.

Settings > Management > Data Source Manager

This page contains all the data sources added in the CYBERQUEST application.

Data sources list

Complete the form

Press the "Add data-source" button and complete the following form:

Add data source form

DataSource Type: Select "Applications/Active Directory Assets Information (LogName: ActiveDirectoryAssetsInformation)" data source type;

DataSource Information: This field is filled in automatically with data source information;

Query Interval: How often the query runs. Defaults to every 86400 seconds;

Credentials to use: Select a domain account with read access to Active Directory from the drop-down list (See Credential Setup: How to manage Credentials);

Tag: A unique identifier automatically assigned to the data source;

Administrative Notes: Optional notes for administrators;

Anonymize Fields: Select fields to be anonymized. One or more options can be selected;

AD Server: Enter the FQDN or IP of the Active Directory server;

Click the "Save" button to save the data source.

Assign the CYBERQUEST agent

The next step is to assign the CYBERQUEST agent to this data source. Use the drop-down list to choose the agent.

Assign agent dropdown

  • Edit: Click the Edit button button to update the data source information. The steps are similar to adding a new data source.

  • Clone: Click theClone icon to create a duplicate of the data source.

  • Delete: To remove a data source, unassign the Agent first, then click "Delete".