My organization has decided to drop log support in RSA (don't ask why, it wasn't my idea). If I'm using RSA for a packet-only solution, can I still connect to Active Directory for an identity feed? My understanding is that I use the log collector to ingest the Windows security events that the identity feed processes. Can someone clarify how this is supposed to work?
Dion Stempfley Cybersecurity Analyst Institute for Defense Analyses