Enable LDAP server events logging using GPO

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2025-01-26
Category: Administrator Guide

  1. On a domain controller or a system with Remote Server Administration Tools (RSAT) installed, open the Group Policy Management Console (GPMC).

  2. Create a new Group Policy Object (GPO): Right-click on the domain or organizational unit (OU) where your domain controllers reside, then select Create a GPO in this domain, and Link it here.... Give it a descriptive name, e.g. Domain Controller Registry Settings.

  3. Edit the GPO.

    1. Right-click on the newly created GPO and select Edit.

    2. In the Group Policy Management Editor, navigate to Computer Configuration > Preferences > Windows Settings > Registry.

    3. Add Registry Items: Right-click on Registry and select New > Registry Item.

    4. Configure Registry Keys: For each of the registry keys you want to set, create a new Registry Item.

  4. Close the Group Policy Management Editor.

  5. To link the GPO to the OU where your domain controllers reside, in Group Policy Management, right-click the OU, select Link an Existing GPO, then select the GPO you just created.

  6. Force Group Policy Update: Force a Group Policy update using the gpupdate /force command on each domain controller or by restarting them.
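
The same procedure scripted with the GroupPolicy and ActiveDirectory PowerShell modules, as an added example that is not part of the Cortex XSIAM documentation. The registry key path, value name, type and data are placeholders because this page does not list them, and the script assumes the domain controllers sit in the default Domain Controllers OU.

```powershell
# Added example, not vendor code. Run from a host with RSAT installed.
Import-Module GroupPolicy, ActiveDirectory

$GpoName = 'Domain Controller Registry Settings'    # example name from step 2
# Assumption: the DCs are in the default Domain Controllers OU.
$DcOu = (Get-ADDomain).DomainControllersContainer

# PLACEHOLDERS: this page does not list the registry keys. Fill in the
# key path, value name, type and data required for your deployment.
$RegistryItems = @(
    @{ Key = 'HKLM\<KEY_PATH_PLACEHOLDER>'; ValueName = '<VALUE_NAME_PLACEHOLDER>'
       Type = 'DWord'; Value = 0 }
)
foreach ($item in $RegistryItems) {
    if ($item.Key -match '[<>]' -or $item.ValueName -match '[<>]') {
        throw 'Replace the placeholder registry key and value name first.'
    }
}

# Step 2: create the GPO unless it already exists.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $GpoName }

# Steps 3.2 to 3.4: one Registry preference item per value.
foreach ($item in $RegistryItems) {
    # Drop any earlier item for this value so a re-run leaves a single item.
    Remove-GPPrefRegistryValue -Name $GpoName -Context Computer -Key $item.Key `
        -ValueName $item.ValueName -ErrorAction SilentlyContinue | Out-Null
    Set-GPPrefRegistryValue -Name $GpoName -Context Computer -Action Update `
        -Key $item.Key -ValueName $item.ValueName `
        -Type $item.Type -Value $item.Value | Out-Null
}

# Step 5: link the GPO to the OU if it is not linked yet.
$linked = (Get-GPInheritance -Target $DcOu).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) { New-GPLink -Name $GpoName -Target $DcOu -LinkEnabled Yes | Out-Null }

# Step 6: schedule an immediate policy refresh on every domain controller.
foreach ($dc in Get-ADDomainController -Filter *) {
    Invoke-GPUpdate -Computer $dc.HostName -Target Computer -Force -RandomDelayInMinutes 0
}

# Check: list the Registry preference items now stored in the GPO.
foreach ($item in $RegistryItems) {
    Get-GPPrefRegistryValue -Name $GpoName -Context Computer -Key $item.Key
}
```

Invoke-GPUpdate works by creating a scheduled task on each target, so the domain controllers must allow remote scheduled-task management from the host running the script; otherwise run gpupdate /force locally as in step 6.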