By connecting to the Ldap / AD server via Logsign, we can enrich the all logs with user attributes as automatically from Ldap / AD Server (such as Department Names, Display Names, Mobile Phones).
In addition, we can add other retained attributes for the user activities. For example the number of times a bad password login attempt has been made.
First of all, your LDAP integration should be ready for this process. You can seek help from integration articles for this procedure.
Then we can create a Ldap /AD list from Lists and Behaviors menu from the Alerts and Behaviours Tab in Logsign Unified SecOps Platform Interface.
We’re selecting our Ldap Connection from the Connection Tab, adding Search Domain from the Ldap, defining Query and Key Field.
Collect field should be written as “badPwdCount”, if we get the count of Bad Pass Usage for the users.
In the Modifier Tab, we match the Destination.UserName column with Display.Name(from Ldap) and add the PwdCount information(from Ldap) as “Destination.PwdCount column” for all logs.