We have a Users OU in AD that includes employees. There's a Contractors OU as well. Sometimes an employee gets accidentally put into the Contractors OU. Since they get enough access, they can reside in there indefinitely until somebody does an audit.
Is there a way that Sumo Logic could watch the Corp OU and report newly create user accounts and their corresponding OU?
Then we could see if a user was put into the Contractors OU who might have an AD attribute showing they are actually an employee (like a person number).
Please sign in to leave a comment.