Hello,
I have an issue with Data Enrichment based on LDAP queries against the Active Directory functionality since McAfee ESM is case sensitive - is there any way to resolve this issue?
Thanks
I am trying to use a LDAP query from an AD server with makes all hostnames in uppercase, but the events in the siem as lowercase. Is there any way to create a watchlist and have a case insensitive button or something like when using Dashboards.
I have seen this being asked many timesfor over 5 yrs in the forums but have seen no response to add this as an improvement.
Hi, igor.
in the Data Enrichment phase - theirs' no solution for importing in uppercase or lower case.
but you could configure case insesitive when quering or filtering in the Dashboards \ Reports
by clicking on the "Aa" button.
just want to mention... in the correlation rules you will not be able to correlate with case insensitive...
just in fields that give you a option for REGEX then you could insert the proper REGEX for case insensitive.
Best Regards👍👍👍
David.
my issue is not with dashboards as I know I can use case sensitive. What is the point of using dynamic watchlist from AD if they won't work due to case sensitive. Many people have asked for this , but why it has never been added is a huge oversite.
Yes your right!
i'm trying also to accomplish the above.
i think that the only solution is to write a script that accesses the ESM API
pules the entire list
copy's everything for big ans small letters and then posts the entire list back to the ESM.
do you have a better idea how to do it ?!
Best regards👍👍👍
David.
good question, i hope McAfee will wake up
before migration of more costumers to Qradar.
Best Regards👍👍👍
David.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA