Active Directory Users and the Groups the are Members of?
I setup the new Windows Active Directory Source and am pulling the Active Directory data into Sumo. We have built some nice queries to pull users, groups, etc. from the AD schema. However we are not seeing the groups users are members of.
The documentation says the following is pulled by default:
- Security groups to which the employee is assigned, which allows Cloud SIEM Enterprise to determine the privileges the user has on the company network
How do we see this data? Thanks.
-
Figured it out. My initial list of attributes was:
member; memberof
That pulled the members (member) of groups but not the groups that users were in (memberof), so I tried:
member; memberOf
Again, that pulled the members (member) of groups but not the groups that users were in (memberof), so I tried:
member;memberOf
As you can see the third time I removed the space after the semicolon in the list. This worked and now when I look at the users I see the memberOf field with all groups that the user belongs to.
I would still like to know why this information is not pulled with default settings as is stated in the Sumo Logic documentation.
Please sign in to leave a comment.
Comments
3 comments