My organization has decided to drop log support in RSA (don't ask why, it wasn't my idea). If I'm using RSA for a packet only solution, can I still connect to Active Directory for an identity feed? My understanding is that I use the log collector to ingest the windows security events that the identify feed processes. Can someone clarify how this is supposed to work?
/Dion Stempfley
Dion Stempfley
Cybersecurity Analyst
Institute for Defense Analyses
