cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
IgorMuster
Level 8
Report Inappropriate Content
Message 1 of 7
‎06-16-2019 08:47 AM

Is there any method for Data Enrichment be case insensitive?

Hello,

I have an issue with Data Enrichment based on LDAP queries against the Active Directory functionality since McAfee ESM is case sensitive - is there any way to resolve this issue?

Thanks

 

Reply
6 Replies
lhud64
Level 8
Report Inappropriate Content
Message 2 of 7
‎07-10-2019 06:15 AM

Re: Is there any method for Data Enrichment be case insensitive?

I am trying to use a LDAP query from an AD server with makes all hostnames in uppercase, but the events in the siem  as lowercase. Is there any way to create a watchlist and have a case insensitive button or something like when using Dashboards.

I have seen this being asked many timesfor over 5 yrs in the forums but have seen no response to add this as an improvement.

0 Kudos
Reply
David1111
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 7
‎08-14-2019 05:29 AM

Re: Is there any method for Data Enrichment be case insensitive?

Hi, igor.

in the Data Enrichment phase - theirs' no solution for importing in uppercase or lower case.

but you could configure case insesitive when quering or filtering in the Dashboards \ Reports

by clicking on the "Aa" button.

 

just want to mention... in the correlation rules you will not be able to correlate with case insensitive...

just in fields that give you a option for REGEX then you could insert the proper REGEX for case insensitive.

 

Best Regards👍👍👍

David.

 

 

0 Kudos
Reply
lhud64
Level 8
Report Inappropriate Content
Message 4 of 7
‎09-05-2019 01:33 AM

Re: Is there any method for Data Enrichment be case insensitive?

my issue is not with dashboards as I know I can use case sensitive. What is the point of using dynamic watchlist from AD if they won't work due to case sensitive. Many people have asked for this , but why it has never been added is a huge oversite. 

Reply
David1111
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 7
‎09-10-2019 01:29 AM

Re: Is there any method for Data Enrichment be case insensitive?

Yes your right!

i'm trying also to accomplish the above.

i think that the only solution is to write a script that accesses the ESM API

pules the entire list

copy's everything for big ans small letters and then posts the entire list back to the ESM.

do you have a better idea how to do it ?!

 

Best regards👍👍👍

David.

0 Kudos
Reply
lhud64
Level 8
Report Inappropriate Content
Message 6 of 7
‎09-10-2019 01:35 AM

Re: Is there any method for Data Enrichment be case insensitive?

I export the pull from AD to excel and use the option to change the case sensitive and then put into another watchlist., This defeats the whole thing for a dynamic pull as it now makes it manual. Again I point to why people have asked for this for 5+ yrs and still not added in. What is the point of this forums if every improvement is ignored.
0 Kudos
Reply
David1111
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 7
‎09-10-2019 02:07 AM

Re: Is there any method for Data Enrichment be case insensitive?

good question, i hope McAfee will wake up

before migration of more costumers to Qradar.

 

Best Regards👍👍👍

David.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC