cancel
Showing results for 
Search instead for 
Did you mean: 

Is there any method for Data Enrichment be case insensitive?

Hello,

I have an issue with Data Enrichment based on LDAP queries against the Active Directory functionality since McAfee ESM is case sensitive - is there any way to resolve this issue?

Thanks

 

6 Replies
lhud64
Level 8
Report Inappropriate Content
Message 2 of 7

Re: Is there any method for Data Enrichment be case insensitive?

I am trying to use a LDAP query from an AD server with makes all hostnames in uppercase, but the events in the siem  as lowercase. Is there any way to create a watchlist and have a case insensitive button or something like when using Dashboards.

I have seen this being asked many timesfor over 5 yrs in the forums but have seen no response to add this as an improvement.

Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 3 of 7

Re: Is there any method for Data Enrichment be case insensitive?

Hi, igor.

in the Data Enrichment phase - theirs' no solution for importing in uppercase or lower case.

but you could configure case insesitive when quering or filtering in the Dashboards \ Reports

by clicking on the "Aa" button.

 

just want to mention... in the correlation rules you will not be able to correlate with case insensitive...

just in fields that give you a option for REGEX then you could insert the proper REGEX for case insensitive.

 

Best Regards👍👍👍

David.

 

 

lhud64
Level 8
Report Inappropriate Content
Message 4 of 7

Re: Is there any method for Data Enrichment be case insensitive?

my issue is not with dashboards as I know I can use case sensitive. What is the point of using dynamic watchlist from AD if they won't work due to case sensitive. Many people have asked for this , but why it has never been added is a huge oversite. 

Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 5 of 7

Re: Is there any method for Data Enrichment be case insensitive?

Yes your right!

i'm trying also to accomplish the above.

i think that the only solution is to write a script that accesses the ESM API

pules the entire list

copy's everything for big ans small letters and then posts the entire list back to the ESM.

do you have a better idea how to do it ?!

 

Best regards👍👍👍

David.

lhud64
Level 8
Report Inappropriate Content
Message 6 of 7

Re: Is there any method for Data Enrichment be case insensitive?

I export the pull from AD to excel and use the option to change the case sensitive and then put into another watchlist., This defeats the whole thing for a dynamic pull as it now makes it manual. Again I point to why people have asked for this for 5+ yrs and still not added in. What is the point of this forums if every improvement is ignored.
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 7 of 7

Re: Is there any method for Data Enrichment be case insensitive?

good question, i hope McAfee will wake up

before migration of more costumers to Qradar.

 

Best Regards👍👍👍

David.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community