Dealing with Security_ID field for Active Directory users

Hello,

Normalization rules such as "A member was added to a security-enabled universal group" give me the following fields:

Source User = the user who performed the operation

object = the group that was changed

Security_ID = the new group member

This is useful up to a point, but of course I don't know the account name, or the email address, or anything about the user who was added to the group unless I use PowerShell to look up the SID.

I'm wondering how others handle this problem... or if I'm missing something?

I'm on version 10.2 here.

Any help is appreciated!

Thanks in advance,

- Steve

 

Reliable Contributor David1111

Re: Dealing with Security_ID field for Active Directory users

Hi RsKadish.

You're right! There's a simple solution for that.

You just need to add "Enrichment Fields" for the user name.

It will go to the LDAP database and query the needed fields.

 

Update here if you need help accomplishing this.

 

Best Regards👍👍👍

David.

Re: Dealing with Security_ID field for Active Directory users

Hello David,

Thanks and sorry for the late reply.  Yes, I would appreciate some help with this.  We already have some data enrichment fields for getting the full name and email address from the Source User, but from the Security_ID?  I don't see that field as an option for the Lookup Field when I create a new rule.

Thanks,

- Steve
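
For anyone resolving the Security_ID value against LDAP directly, the following is an added example, not part of the thread and not a feature of the SIEM: it converts a string SID into the binary `objectSid` layout and the escaped LDAP filter that matches it. The function names are hypothetical and the sample SID is a constructed value.

```python
import struct

# Constructed sample SID (documentation-style value, not taken from the thread).
SAMPLE_SID = "S-1-5-21-1004336348-1177238915-682003330-512"


def sid_to_bytes(sid: str) -> bytes:
    """Encode a string SID into the binary layout stored in objectSid."""
    parts = sid.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError(f"not a SID: {sid!r}")
    try:
        revision, authority, *subs = (int(p) for p in parts[1:])
    except ValueError:
        raise ValueError(f"non-numeric SID component in {sid!r}") from None
    if revision > 255 or authority >= 1 << 48 or len(subs) > 15:
        raise ValueError(f"SID field out of range in {sid!r}")
    if any(s > 0xFFFFFFFF for s in subs):
        raise ValueError(f"sub-authority exceeds 32 bits in {sid!r}")
    # revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian),
    # then each sub-authority as a 4-byte little-endian integer.
    header = struct.pack("BB", revision, len(subs)) + authority.to_bytes(6, "big")
    return header + b"".join(struct.pack("<I", s) for s in subs)


def bytes_to_sid(raw: bytes) -> str:
    """Decode a binary objectSid value back to its S-1-... string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("objectSid length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])


def sid_ldap_filter(sid: str) -> str:
    """Build an LDAP filter matching the object whose objectSid equals sid."""
    # Every byte is written as a backslash-hex escape, so no byte of the SID
    # can be interpreted as filter syntax.
    escaped = "".join(f"\\{b:02x}" for b in sid_to_bytes(sid))
    return f"(objectSid={escaped})"


if __name__ == "__main__":
    print(sid_ldap_filter(SAMPLE_SID))
```

The resulting filter can be passed to any LDAP search that requests attributes such as `sAMAccountName` and `mail` for the matched object.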
