Understanding LDAP/AD List

LDAP lists are another way of enriching logs with LDAP information. A list matches the LDAP information of specific groups/users and writes the exact LDAP values to the desired logs.

 

In the example above, the department information of the users registered in LDAP is retrieved and the Source.DepartmentName column is added to all logs. The logs are thus enriched with this information from LDAP.

Basic/Advanced Mode: For detailed usage of lists, you must click “Advanced Mode”.

Description: In terms of definition, you need to specify a name for the list.

Type: LDAP / AL

Severity: Here you specify how important the list is.

Context: You can tag an object that enters this list as Suspicious, Victim or Attacker for future events.

Tag: In this section you can determine which groups are authorized to view the list you are creating. (See the Tag Feature.)

Connection: You can enrich the content of logs on the Logsign Unified SecOps Platform by retrieving additional column information from your LDAP server.

Search Domain: You need to enter your Domain Information.

Query: You need to enter the query on your Domain Information that should be added to the LDAP connection information.

Key Field: You need to enter the field which should be gathered from LDAP (sAMAccountName).

Collect Fields: You need to enter the field which should be collected from LDAP (sAMAccountName).

Update Period: Here you specify how often the information is updated for that event, ignoring the check events in the last option.

Purge Period: Here you give the number of seconds after which the information retrieved for the list is purged. By default, it is specified as three thousand (3000) seconds.

In Modifier:

Key Field: It matches the Domain Admins’ UserName, creates the Source.DepartmentName column and sets it to “Departments of Users”.

Then use the Save button to save the settings.
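
The lookup that such a list performs can be modelled in a few lines of Python. This is an added example, not Logsign code: the LdapList class, the enrich function, the Source.UserName column, the department attribute and the sample rows are assumptions made for illustration.

```python
import time

class LdapList:
    """Toy model of an LDAP list: key field -> collected fields, with expiry."""

    def __init__(self, key_field, collect_fields, purge_period=3000):
        self.key_field = key_field            # e.g. sAMAccountName
        self.collect_fields = collect_fields  # attributes copied into logs
        self.purge_period = purge_period      # seconds; 3000 is the page's default
        self.entries = {}                     # normalized key -> (fields, loaded_at)

    @staticmethod
    def normalize(name):
        # AD compares sAMAccountName case-insensitively; logs often carry DOMAIN\user.
        return name.rsplit("\\", 1)[-1].strip().lower()

    def update(self, ldap_rows, now=None):
        """One update run: load the rows returned by the LDAP query."""
        now = time.time() if now is None else now
        for row in ldap_rows:
            key = row.get(self.key_field)
            if key:
                fields = {f: row.get(f) for f in self.collect_fields}
                self.entries[self.normalize(key)] = (fields, now)

    def lookup(self, name, now=None):
        now = time.time() if now is None else now
        hit = self.entries.get(self.normalize(name))
        if hit is None or now - hit[1] > self.purge_period:
            return None                       # unknown user or purged entry
        return hit[0]

def enrich(log, ldap_list, now=None):
    """Modifier step: match Source.UserName, write Source.DepartmentName."""
    out = dict(log)
    fields = ldap_list.lookup(log.get("Source.UserName", ""), now)
    if fields and fields.get("department"):
        out["Source.DepartmentName"] = fields["department"]
    return out

# Constructed sample data (not from a real directory).
ROWS = [{"sAMAccountName": "jdoe", "department": "IT Operations"},
        {"sAMAccountName": "asmith", "department": "Finance"}]
LIST = LdapList("sAMAccountName", ["department"])
LIST.update(ROWS, now=0)

if __name__ == "__main__":
    print(enrich({"Source.UserName": "CORP\\JDoe", "EventID": 4624}, LIST, now=10))
    print(enrich({"Source.UserName": "jdoe", "EventID": 4624}, LIST, now=3001))
```

The second call returns the log unchanged because the entry is older than the purge period, which is why an update period longer than the purge period leaves windows in which logs are not enriched.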

 
