Active Directory Search Filter

Definition

Description

If an event matches Condition, look up the attributes named in ADAttributeList String for the first member matching the query Expression, in the Active Directory context Expression, on Host, using Login, AuthenticationProtocol String and AuthenticationType String.

Comments

If Host or Login parameters are missing, empty or invalid, the filter will be disabled.

The username in the Login parameter must be specified in user@domain format.

If AuthenticationProtocol String is missing, then the value of empty string ("") is assumed.

If AuthenticationType String is missing, then the value of "simple" is assumed.

The returned value is stored in the event field ev:ad.name_of_attribute

e.g.

  If ADAttributeList String is "memberOf", the values will be returned in ev:ad.memberOf.

<filter objectId="getUserSecurityGroups" type="Active Directory Search Filter">
	<parameter autoSetDescription="true" comments="" description="Match all Events" type="Condition">
		<negatePrimaryCondition>false</negatePrimaryCondition>
		<conditionRelation>All</conditionRelation>
	</parameter>
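	<!-- ADAttributeList String: attribute(s) to return, stored in ev:ad.<attribute> -->
	<parameter type="String">memberOf</parameter>
	<!-- Query Expression, followed by the Active Directory context Expression -->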
	<parameter autoSetDescription="true" comments="" description="CN=ev:act.user" type="Expression">
		<type>String</type>
		<formatString>CN=%1%</formatString>
		<formatParmSpec>
			<type>EventType</type>
			<name>ev:act.user</name>
		</formatParmSpec>
	</parameter>
	<parameter autoSetDescription="true" comments="" description="cn=users, dc=EVENTGNOSIS-QA1, dc=local" type="Expression">
		<type>String</type>
		<formatString>cn=users, dc=EVENTGNOSIS-QA1, dc=local</formatString>
	</parameter>
	<parameter type="Host">5.67.196.181</parameter>
	<parameter type="Login">
		<user>Admin@EVENTGNOSIS-QA1.local</user>
		<password>9IMBO44351344338337445331341</password>
	</parameter>
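	<!-- AuthenticationProtocol String: left empty here, so "" is used -->
	<parameter type="String"/>
	<!-- AuthenticationType String: "simple" is also the default when missing -->
	<parameter type="String">simple</parameter>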
</filter>
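
The rules above, modelled in Python as an added example (not EventGnosis code; all function names are hypothetical). It assumes "invalid" Login means a username not in user@domain form, takes the attribute list as a Python list, and escapes the event value per RFC 4515 before it replaces %1%, because the page does not say whether the product escapes it.

```python
import re

# RFC 4515 section 3: characters that must be written as \XX in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape an event-supplied string for use as an LDAP filter value."""
    # Character-by-character mapping, so an inserted backslash is never re-escaped.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_query(format_string, event, field):
    """Substitute the event field for %1%, as the CN=%1% Expression does."""
    return format_string.replace("%1%", escape_filter_value(event.get(field, "")))


def effective_settings(host, user, auth_protocol=None, auth_type=None):
    """Apply the documented rules; None means the filter would be disabled."""
    # Assumption: "invalid" Login is a username that is not user@domain.
    if not host or not user or not re.fullmatch(r"[^@\s]+@[^@\s]+", user):
        return None
    return {
        "host": host,
        "user": user,
        # Documented defaults: "" for the protocol, "simple" for the type.
        "auth_protocol": "" if auth_protocol is None else auth_protocol,
        "auth_type": "simple" if auth_type is None else auth_type,
    }


def to_event_fields(attribute_list, entry):
    """Map attributes returned by the search to ev:ad.<attribute> fields."""
    return {"ev:ad." + name: entry[name] for name in attribute_list if name in entry}


if __name__ == "__main__":
    # Constructed sample event and directory entry, not taken from a real system.
    event = {"ev:act.user": "svc*(backup)"}
    entry = {"cn": ["svc"], "memberOf": ["CN=Ops,CN=Users,DC=example,DC=test"]}
    print(effective_settings("dc01.example.test", "reader@example.test"))
    print(build_query("CN=%1%", event, "ev:act.user"))
    print(to_event_fields(["memberOf"], entry))
```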