Active Directory Sensor Installation

Installation Guide

Overview of AD Sensor

Arctic Wolf® uses the Active Directory (AD) Sensor to poll AD for user inventories and permissions to provide further visibility into the AD environment.

This document describes the Arctic Wolf AD Sensor, its dependencies, and the installation process.

Note: The AD Sensor is designed to run on a domain controller (DC). Do not install the AD Sensor on servers that do not function as DCs. If you need to forward all Windows Event Logs from other servers, or have another special use case, contact your Concierge Security® Team (CST) for assistance.

AD Sensor installation process

This is the installation process for the AD Sensor:

  1. Complete all AD Sensor installation prerequisites:

    1. If the operating system is:

      Note: Installing these frameworks may require a reboot.

    2. For each domain, follow the instructions in Configuring a Group Policy Object with Audit Policies to configure audit policies that generate events in the Windows Event Log. This enables Arctic Wolf to monitor security and operational events on your Windows server.

    3. If applicable, for each domain controller, follow the instructions in Enabling DNS Logging for a Windows Server to configure the Windows server to log DNS packets. This enables Arctic Wolf to monitor DNS logs on your Windows server.

  2. Download and install NXLog Community Edition on all DCs, and then follow the instructions for Installing NXLog.

  3. Follow the instructions for Installing the Active Directory Sensor to install the AD Sensor on each DC.

  4. Contact Arctic Wolf to notify us that the AD Sensor installation is complete.
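
A read-only pre-install check that can be run in an elevated PowerShell session on each server before starting the steps above. This is an added example, not Arctic Wolf tooling: it confirms that the host is a DC, then reports the NXLog service, DNS file logging, and effective audit policy state. It assumes an English-language OS (for the `No Auditing` string) and that NXLog Community Edition registers a Windows service named `nxlog`; the function name `Test-IsDomainController` is illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only pre-install checks for one server. It changes nothing.

function Test-IsDomainController {
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    return ($role -ge 4)
}

$report = [ordered]@{
    ComputerName       = $env:COMPUTERNAME
    IsDomainController = Test-IsDomainController
    NXLogService       = 'not installed'
    DnsLoggingToFile   = 'DNS Server role not present'
    AuditSubcategories = 0
}

# Assumption: NXLog Community Edition runs as a service named "nxlog".
$svc = Get-Service -Name 'nxlog' -ErrorAction SilentlyContinue
if ($svc) { $report.NXLogService = "$($svc.Status)" }

# DNS logging only applies where the DNS Server role and its module are installed.
if (Get-Command -Name Get-DnsServerDiagnostics -ErrorAction SilentlyContinue) {
    $diag = Get-DnsServerDiagnostics -ErrorAction SilentlyContinue
    if ($diag) {
        $report.DnsLoggingToFile = "$($diag.EnableLoggingToFile) ($($diag.LogFilePath))"
    }
}

# Effective audit policy as CSV; keep subcategories that audit success and/or failure.
# Assumption: English OS, where a disabled subcategory reads "No Auditing".
$audit   = auditpol.exe /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv
$enabled = @($audit | Where-Object {
    $_.'Inclusion Setting' -and $_.'Inclusion Setting' -ne 'No Auditing'
})
$report.AuditSubcategories = $enabled.Count

[pscustomobject]$report | Format-List
$enabled | Select-Object Subcategory, 'Inclusion Setting' | Format-Table -AutoSize

if (-not $report.IsDomainController) {
    Write-Warning 'This host is not a domain controller. Do not install the AD Sensor here.'
}
```

The script only reports state; compare the audit subcategory list against Configuring a Group Policy Object with Audit Policies rather than treating any non-zero count as sufficient.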