Active Directory Users and the Groups the are Members of?

July 21, 2021 15:39

I setup the new Windows Active Directory Source and am pulling the Active Directory data into Sumo. We have built some nice queries to pull users, groups, etc. from the AD schema. However we are not seeing the groups users are members of.

The documentation says the following is pulled by default:

Security groups to which the employee is assigned, which allows Cloud SIEM Enterprise to determine the privileges the user has on the company network

How do we see this data? Thanks.

Comments

3 comments

David Day

July 22, 2021 14:02
I have added the member attribute for groups and the memberof attribute for users to get this information but according to the Sumo documentation the Security Groups to which the employee is assigned should have been pulled by default.
0

Comment actions Permalink
David Day

July 27, 2021 14:53

Edited
I am now receiving the member attribute under Groups, however, I am still not seeing the memberof attribute under users. I tried both memberof, and memberOf in the attribute list.

Again, this is supposed to be default data being pulled but cannot locate.
0

Comment actions Permalink
David Day

July 28, 2021 12:58
Figured it out. My initial list of attributes was:

member; memberof

That pulled the members (member) of groups but not the groups that users were in (memberof), so I tried:

member; memberOf

Again, that pulled the members (member) of groups but not the groups that users were in (memberof), so I tried:

member;memberOf

As you can see the third time I removed the space after the semicolon in the list. This worked and now when I look at the users I see the memberOf field with all groups that the user belongs to.

I would still like to know why this information is not pulled with default settings as is stated in the Sumo Logic documentation.
0

Comment actions Permalink

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?