Wazuh shuffle AD authentication


Muhammad Hassam

May 24, 2023, 2:50:29 AM
to Wazuh mailing list

Hi Team,

I’m following the guide to integrate Wazuh with Shuffle to achieve the use case of configuring Shuffle to respond through the Active Directory app to disable a user account that attempts to dump the SAM database. I have successfully forwarded the desired alert to Shuffle.

I’m having issues while connecting my Active Directory domain controller (testing machine) with Shuffle, although I put in all the necessary fields required to connect it. I also tried to put the IP address instead of the hostname, but it’s still not authenticating.

I have Shuffle on cloud, and the Wazuh and AD environment is on premises.

Ref: https://wazuh.com/blog/integrating-wazuh-with-shuffle/

Thanks & Regards,

Muhammad Hassam

Gonzalo Membrillo Solbes

May 24, 2023, 9:35:38 AM
to Wazuh mailing list
Hello Muhammad,

In the screenshot you shared we can see that the exception being raised is an invalid server address. I would verify that all the information matches the AD you are attempting to authenticate to, including the IP address, and that the machine hosting the AD has access to the internet. You can check the information by running the following command in PowerShell:

Get-ADDomain

I'm going to leave the links to both Shuffle's and Microsoft's AD documentation since it appears to be a problem concerning one of those parts:

I hope you find this helpful. Do let us know if you need anything else.

Best regards,
Gonzalo
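
The check suggested in the reply above, as an added example that is not part of the original thread: a PowerShell script, run on the domain controller, that prints the values behind Get-ADDomain for comparison with what was entered in the Shuffle Active Directory app and tests whether the LDAP ports answer. It assumes the ActiveDirectory module is installed and the default LDAP/LDAPS ports 389 and 636; the output labels are illustrative, not Shuffle's own field names.

```powershell
# Added example (not from the thread). Run on the domain controller or a
# domain-joined host with the RSAT ActiveDirectory module installed.
Import-Module ActiveDirectory

# Domain facts that the values typed into the Shuffle AD app should match.
$domain = Get-ADDomain
$dcName = $domain.PDCEmulator   # FQDN of the DC holding the PDC emulator role

# Resolve the DC name so the IP address entered in Shuffle can be compared.
$dcAddresses = (Resolve-DnsName -Name $dcName -Type A |
    Where-Object { $_.Type -eq 'A' }).IPAddress

# Labels below are illustrative; map them to the fields of the app by hand.
[pscustomobject]@{
    DnsRoot          = $domain.DNSRoot
    NetBIOSName      = $domain.NetBIOSName
    BaseDN           = $domain.DistinguishedName
    DomainController = $dcName
    IPv4Addresses    = $dcAddresses -join ', '
} | Format-List

# Assumption: default ports, 389 for LDAP and 636 for LDAPS.
# A success here only shows that the DC is listening when reached from this
# network; it does not show that a client outside the network can reach it.
foreach ($port in 389, 636) {
    $result = Test-NetConnection -ComputerName $dcName -Port $port `
        -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target           = $dcName
        Port             = $port
        TcpTestSucceeded = $result.TcpTestSucceeded
    }
}
```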