MS Active Directory
This Quick Start Guide provides configuration details for SMA support: Windows Security Events using Windows Event Forwarding (Windows).
Support Specifications:
Version: Windows Server 2008 and later
Configuration Prerequisites:
Prerequisite | Description | For additional details, see... |
---|---|---|
1. Access to Oracle Management Cloud | You must have an Oracle Cloud account containing an OMC instance with administrator privileges. | How Do I Access Oracle Management Cloud? in Managing and Monitoring Oracle Cloud |
2. The dedicated Windows server configured with default settings | This is where the logs are being stored. | Install and Deploy Windows Server in Windows Server 2008 R2 and Windows Server 2008 |
3. Cloud agent(s) installed and Log Analytics licensing enabled | The dedicated Windows host that's running Windows Event Collector. This host will be discovered as an entity in OMC. | Install the Cloud Agent and Enable Oracle Log Analytics in Using Log Analytics Environment Requirements in Installing and Managing Oracle Management Cloud Agents |
4. Security Monitoring and Analytics licensing enabled | Note that SMA Data Enrichment is disabled by default. | Enabling Automatic Log Analytics and Security Monitoring and Analytics Data Collection in Getting Started with Oracle Management Cloud |
OMC Configuration Steps:
Windows Events Config. | Task requirements | For additional details, see... |
---|---|---|
STEP 1. - Enable Windows Event Forwarding and Auditing on the dedicated Windows host. | Configure your audit and forwarding policies based on your environment requirements. | AD DS Auditing Step-by-Step Guide and Audit Policy Recommendations in Windows Server 2008 R2 and Windows Server 2008 |
STEP 2. - Enable Log Collection in Security Monitoring and Analytics. | - | Enabling Automatic Log Analytics and Security Monitoring and Analytics Data Collection in Getting Started with Oracle Management Cloud |
STEP 3. - Add an Entity Association to support the new logs in OMC using Log Analytics. | Associate Windows Security Events with your OMC entity (the dedicated Windows server where you installed the OMC agent). | Associating Log Sources to Existing Entities in Using Oracle Log Analytics |
STEP 4. - Validate your log collection. | Confirm your setup was successful. | Validate Log Collections |