Active Directory

Description

The Active Directory plugin allows DeepHunter to connect to an LDAP server to gather additional information about users based on usernames previously gathered by other plugins (e.g., SentinelOne).

Settings

LDAP_SERVER

  • Type: string

  • Description: LDAP server. Used to connect to the LDAP to gather additional information about a user based on a username (previously gathered by S1 using last logged in user), in the timeline view. To ignore the LDAP connection, set LDAP_SERVER to an empty string.

  • Example:

# Set to empty string if you don't want to get additional user info from AD
# LDAP_SERVER = ''
LDAP_SERVER = 'gc.domain.com'

LDAP_PORT

  • Type: integer

  • Description: LDAP port. Used to connect to the LDAP to gather additional information about a user based on a username (previously gathered by S1 using last logged in user), in the timeline view.

  • Example:

LDAP_PORT = 636

LDAP_SSL

  • Type: boolean

  • Possible values: True or False

  • Description: Force the LDAP connection to use SSL. Used to connect to the LDAP to gather additional information about a user based on a username (previously gathered by S1 using last logged in user), in the timeline view.

  • Example:

LDAP_SSL = True

LDAP_USER

  • Type: string

  • Format: user@domain

  • Description: LDAP user (e.g., a service account). Used to connect to the LDAP to gather additional information about a username (previously gathered by S1 using last logged in user), in the timeline view.

  • Example:

LDAP_USER = 'SRV12345@gad.domain.com'

LDAP_PWD

  • Type: string

  • Description: LDAP password associated to LDAP_USER. Used to connect to the LDAP to gather additional information about a user based on a machine name, in the timeline view.

  • Example:

LDAP_PWD = 'Awes0m3#P455w9rD'

LDAP_SEARCH_BASE

  • Type: string

  • Description: LDAP search base used to query the LDAP when searching for a user from a machine name. Usually composed of a serie of nested DC values.

  • Example:

LDAP_SEARCH_BASE = 'DC=gad,DC=domain,DC=com'

LDAP_ATTRIBUTES

  • Type: string

  • Description: LDAP attributes mapping. Expected values returned by the LDAP search should include the username, job title, business unit, office location, country. Depending on your LDAP architecture, fields could have different names. Use this mapping table to specify the corresponding fields.

  • Example:

LDAP_ATTRIBUTES_USER_NAME = 'displayName'
LDAP_ATTRIBUTES_JOB_TITLE = 'title',
LDAP_ATTRIBUTES_BUSINESS_UNIT = 'division',
LDAP_ATTRIBUTES_OFFICE = 'physicalDeliveryOfficeName',
LDAP_ATTRIBUTES_COUNTRY = 'co'