Solved

Domain Change

2 years ago
4 May 2021
1 reply
34 views

Userlevel 2

+3

Rupsan Shrestha
LogPoint Team
22 replies

What do we advise customers when there is a change in theorganizational domain but the log consists of old domain. For example: the system are extracting logs linked to the old email address like @immunesecurity.com, but in AD it is @logpoint.com.

icon

Best answer by Basudev Raut 4 May 2021, 06:37

View original

1 reply

Userlevel 3

+7

Basudev Raut
LogPoint Team
17 replies
2 years ago
4 May 2021
Answer

Hi Rupsan,

Splitting user@immunesecurity.com to user=user and comparing it with the SAMAccountName in LDAP table may not work because the SAMAccountName and the value in user field may not be the same.

There are two ways to handle this problem.

Dynamic enrichment with eval command.

sender="*logpoint.com" | process eval("email=replace(sender,'@logpoint.com','@abc.com')")

Custom Compiled normalizer that replaces immunesecurity.com to logpoint.com.

Reply

Sign up

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Scanning file for viruses.

This file cannot be downloaded