I have an issue with Data Enrichment based on LDAP queries against the Active Directory functionality since McAfee ESM is case sensitive - is there any way to resolve this issue?
I am trying to use a LDAP query from an AD server with makes all hostnames in uppercase, but the events in the siem as lowercase. Is there any way to create a watchlist and have a case insensitive button or something like when using Dashboards.
I have seen this being asked many timesfor over 5 yrs in the forums but have seen no response to add this as an improvement.
in the Data Enrichment phase - theirs' no solution for importing in uppercase or lower case.
but you could configure case insesitive when quering or filtering in the Dashboards \ Reports
by clicking on the "Aa" button.
just want to mention... in the correlation rules you will not be able to correlate with case insensitive...
just in fields that give you a option for REGEX then you could insert the proper REGEX for case insensitive.
my issue is not with dashboards as I know I can use case sensitive. What is the point of using dynamic watchlist from AD if they won't work due to case sensitive. Many people have asked for this , but why it has never been added is a huge oversite.
Yes your right!
i'm trying also to accomplish the above.
i think that the only solution is to write a script that accesses the ESM API
pules the entire list
copy's everything for big ans small letters and then posts the entire list back to the ESM.
do you have a better idea how to do it ?!