+9I am pulling in AD Context Logs
as per Collect Microsoft Windows AD logs | Google Security Operations | Google Cloud
For user accounts, I am seeing the Enrichment in my event logs, however for Computer objects I am not seeing this?
Here’s the context data
But when I check event logs for that host:
although the IP is there, which I doubt is from enrichment, the other attributes not… I need at least the role.
Best answer by JSpoorSonic
Issue has been fixed.
It was a matter of incorrect namespaces.
+7Hi, I would start by checking the data ingestion process and the LDAP filter manually on a Windows server to see what results you get and confirm whether the information meets your needs. It’s possible that the data isn’t being ingested into the system at all. If all the data is being pulled correctly, you’ll likely need to work on enrichment fields and mapping within your SecOps instance.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
