Capturing Active Directory authentication

Hi all,

Our Bro sensor is connected to a tap. I would like to capture users' Active Directory and their IP address for tracking purposes. Is this possible?


It should be in Bro 2.5. There is an SMB analyzer in development that includes an NTLM analyzer.