home home
Other Sites
  • ArcticWolf.com
  • Unified Portal
  • Arctic Circle Community
  • Technical Support Knowledge Base
Request a Demo Internal Documentation
  • Aurora Endpoint Security
  • Managed Detection and Response (MDR)
  • Aurora Attack Surface Management (Aurora ASM)
  • Aurora Vulnerability Management (Aurora VM)
  • Managed Security Awareness (MA)
  • Incident Readiness and Response
  • Arctic Wolf Unified Portal
  • MSP Portal
  • Authentication
  • Sensors, Scanners, and Log Collectors
  • Arctic Wolf Agent
  • Onboarding Portal
  • Active Response, Log Forwarding, and Security Monitoring
  • Active Directory
  • Cloud Security Posture Management (CSPM)
  • IT Service Management (ITSM)
  • Developer and OEM
  • Product Updates
  • Additional Information about Products and Services
  • Legacy Risk Dashboard
  • Legacy Analytics
  • English
  • 日本語
  • Deutsch
  • Français
Sign In
  • Aurora Endpoint Security
  • Managed Detection and Response (MDR)
  • Aurora Attack Surface Management (Aurora ASM)
  • Aurora Vulnerability Management (Aurora VM)
  • Managed Security Awareness (MA)
  • Incident Readiness and Response
  • Arctic Wolf Unified Portal
  • MSP Portal
  • Authentication
  • Sensors, Scanners, and Log Collectors
  • Arctic Wolf Agent
  • Onboarding Portal
  • Active Response, Log Forwarding, and Security Monitoring
  • Active Directory
  • Cloud Security Posture Management (CSPM)
  • IT Service Management (ITSM)
  • Developer and OEM
  • Product Updates
  • Additional Information about Products and Services
  • Legacy Risk Dashboard
  • Legacy Analytics
  • English
  • 日本語
  • Deutsch
  • Français
  • ArcticWolf.com
  • Unified Portal
  • Arctic Circle Community
  • Technical Support Knowledge Base
Request a Demo
Internal Documentation
Sign In

Active Directory

Active Directory
  • Active Directory
    • Configure AD Sensor
      • Configure GPO Advanced Audit Policy
      • NXLog
      • Active Directory Sensor
      • ADFS Auditing
      • Active Directory Decoy Account
Home ▸ Active Directory ▸ Active Directory
Share this page
  • LinkedIn
  • X
  • Facebook
  • Email
Print page

Configure an Active Directory Sensor

  1. Configure an Arctic Wolf GPO Advanced Audit Policy.
  2. Optional: Configure Active Directory Certificate Service (AD CS) auditing.
    Note: This step is required if you have the AD CS role configured on your server.
  3. Install NXLog on each DC.
  4. Install Active Directory Sensor on each DC.
  5. Install the Arctic Wolf Agent on each DC.
  6. Install Sysmon on each DC.
  7. Optional: NXLog for auditing ADFS.
  8. Optional: Active Directory decoy accounts.
Active Directory (AD) Sensor Managed Detection and Response (MDR) Public

Last updated: April 7, 2026

Previous Active Directory Next Configure GPO Advanced Audit Policy
Arctic Wolf Help Documentation Arctic Wolf Help Documentation
© 2026 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Policy Terms of Use Cookie Policy Accessibility Statement Information Security Sustainability Statement