Ldap / AD Connection Enrichment and Modifier Technology

By connecting to the Ldap / AD server via Logsign, we can enrich the all logs with user attributes as automatically from Ldap / AD Server (such as Department Names, Display Names, Mobile Phones).

In addition, we can add other retained attributes for the user activities. For example the number of times a bad password login attempt has been made.

First of all, your LDAP integration should be ready for this process. You can seek help from integration articles for this procedure.

Then we can create a Ldap /AD list from Lists and Behaviors menu from the Alerts and Behaviours Tab in Logsign Unified SecOps Platform Interface.

163.png

6.png

We’re selecting our Ldap Connection from the Connection Tab, adding Search Domain from the Ldap, defining Query and Key Field.

Collect field should be written as “badPwdCount”, if we get the count of Bad Pass Usage for the users.

In the Modifier Tab, we match the Destination.UserName column with Display.Name(from Ldap) and add the PwdCount information(from Ldap) as “Destination.PwdCount column” for all logs.

 

Was this article helpful?
1 out of 1 found this helpful

Articles in this section

Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.