Faddom

Faddom has the ability to connect to your Active Directory servers and determine which users are accessing which servers. Using this information, Faddom can show you information such as the top users connecting to a server and which servers individual users are connecting to.

Using the feature requires access to Active Directory and requires a Windows Proxy to perform the task. To install the proxy, you can follow <a href="https://support2.faddom.com/en/articles/9428892" rel="nofollow noopener noreferrer" target="_blank">How to Setup the Faddom Proxy</a>. This needs to be done prior to setting up the Active Directory connection, however, if you already have one setup, you do not need a second one for this task.

1. 1. Go to Settings &gt; User Discovery 
 
 
 
 2. Click Add Active Directory Domain
 
 
 3. Add the required details. If you have multiple domains, you will need to do this per domain. 
 
 
 - - The user you wish to use needs to be a member of the Event Log Readers Group as the information is gathered via the AD Event Log
 - Detect DCs Automatically - Faddom will try to resolve the domain name to get a list of domain controllers. Alternatively, you can specify which domain controllers to connect to manually.
 - Enable Discovery - To populate this data, this should be toggled on.
 - Ports 135 and 445 need to be opened from the Faddom proxy to the domain controllers. See What ports need to be open for Faddom to function. for more information see <a href="https://support2.faddom.com/en/articles/9429004" rel="nofollow noopener noreferrer" target="_blank">What ports need to be open for Faddom to function?</a>
 4. Once added, you will be presented with a list of domain(s)added. You can use the Edit 
 
 mceclip11.png
 icon amend the details or the Delete icon to remove the connection.

1. 1. 1. Go to Settings &gt; User Discovery 
 
 
 
 2. Click Add Active Directory Domain
 
 
 3. Add the required details. If you have multiple domains, you will need to do this per domain. 
 
 
 - - The user you wish to use needs to be a member of the Event Log Readers Group as the information is gathered via the AD Event Log
 - Detect DCs Automatically - Faddom will try to resolve the domain name to get a list of domain controllers. Alternatively, you can specify which domain controllers to connect to manually.
 - Enable Discovery - To populate this data, this should be toggled on.
 - Ports 135 and 445 need to be opened from the Faddom proxy to the domain controllers. See What ports need to be open for Faddom to function. for more information see <a href="https://support2.faddom.com/en/articles/9429004" rel="nofollow noopener noreferrer" target="_blank">What ports need to be open for Faddom to function?</a>
 4. Once added, you will be presented with a list of domain(s)added. You can use the Edit 
 
 mceclip11.png
 icon amend the details or the Delete icon to remove the connection.

There are two ways to see the information. You can use the <a href="https://support2.faddom.com/en/articles/9428909" rel="nofollow noopener noreferrer" target="_blank">Search</a> function to search by user. Performing this search will show which servers and applications a user has accessed, as well as when the login occurred.

You can also see the results of what Faddom is found by navigating to the Security tab by going to the <a href="https://support2.faddom.com/en/articles/9428935" rel="nofollow noopener noreferrer" target="_blank">Server Properties</a>

Click on a server from a map, search, or click on the properties icon - from any list view

Click on the Security tab where you will be presented with the information

You will see the Security Dashboard

1. Click on a server from a map, search, or click on the properties icon - from any list view
2. Click to expand the properties
3. Click on the Security tab where you will be presented with the information
4. You will see the Security Dashboard 
 
 user discovery.gif

Setting Up Discovery

Viewing the Results