Why do you think that https://github.com/splunk/security_content is a good alternative to Graylog_3.0_Content_Pack_Active_Directory_Auditing
Why do you think that https://github.com/splunk/security_content is a good alternative to Graylog_3.0_Content_Pack_Active_Directory_Auditing