diff --git a/deployment-apps/ms_windows_ad_objects/default/collections.conf b/deployment-apps/ms_windows_ad_objects/default/collections.conf index 946c47da..c2e2f323 100755 --- a/deployment-apps/ms_windows_ad_objects/default/collections.conf +++ b/deployment-apps/ms_windows_ad_objects/default/collections.conf @@ -33,4 +33,5 @@ accelerated_fields.admin_user = { "admin_user" : 1 } enforceTypes = false [AD_Obj_Config_State_kv] -enforceTypes = false \ No newline at end of file +enforceTypes = false + diff --git a/deployment-apps/ms_windows_ad_objects/local/collections.conf b/deployment-apps/ms_windows_ad_objects/local/collections.conf new file mode 100755 index 00000000..9027cb3e --- /dev/null +++ b/deployment-apps/ms_windows_ad_objects/local/collections.conf 
@@ -0,0 +1,54 @@
+## MS AD Objects - KV Store Lookups ##AD_Obj_Domain_kv
+[AD_Obj_Domain_kv]
+enforceTypes = false
+field.last_time_utc = time
+accelerated_fields.domain = { "domain" : 1 }
+
+[AD_Obj_User_LDAP_list_kv]
+enforceTypes = false
+accelerated_fields.dn = { "dn" : 1 }
+
+[AD_Obj_Group_LDAP_list_kv]
+enforceTypes = false
+accelerated_fields.dn = { "dn" : 1 }
+accelerated_fields.member = { "member" : 1 }
+
+[AD_Obj_Computer_LDAP_list_kv]
+enforceTypes = false
+accelerated_fields.dn = { "dn" : 1 }
+
+[AD_Obj_OU_LDAP_list_kv]
+enforceTypes = false
+accelerated_fields.dn = { "dn" : 1 }
+
+[AD_Obj_GPO_LDAP_list_kv]
+enforceTypes = false
+accelerated_fields.dn = { "cn" : 1 }
+
+[AD_Obj_Admin_Audit_list_kv]
+enforceTypes = false
+accelerated_fields.admin_user = { "admin_user" : 1 }
+
+[AD_Obj_UAC_kv]
+enforceTypes = false
+
+[AD_Obj_Config_State_kv]
+enforceTypes = false
+
+##-----------------------------------------------------------##
+## Domain: jpit - KVStores
+##-----------------------------------------------------------##
+## Domain - jpit - User KVStore ##
+[AD_Obj_User_jpit_kv]
+enforceTypes = false
+accelerated_fields.dn = { "dn" : 1 }
+## Domain - jpit - Group KVStore ##
+[AD_Obj_Group_jpit_kv]
+enforceTypes = false
+accelerated_fields.dn = { "dn" : 1 }
+accelerated_fields.member = { "member" : 1 }
+## Domain - jpit - Computer KVStore ##
+[AD_Obj_Computer_jpit_kv]
+enforceTypes = false
+accelerated_fields.dn = { "dn" : 1 }
+
diff --git a/deployment-apps/ms_windows_ad_objects/local/transforms.conf b/deployment-apps/ms_windows_ad_objects/local/transforms.conf
new file mode 100755
index 00000000..661c4ac1
--- /dev/null
+++ b/deployment-apps/ms_windows_ad_objects/local/transforms.conf
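Review bot: In local/collections.conf the `[AD_Obj_GPO_LDAP_list_kv]` stanza declares `accelerated_fields.dn = { "cn" : 1 }`, so the acceleration is labelled dn but indexes cn, unlike every other stanza in this file, where label and field agree. If the GPO lookups are keyed on dn this should read `accelerated_fields.dn = { "dn" : 1 }`; if cn is intended, `accelerated_fields.cn = { "cn" : 1 }` says so. The new `AD_Obj_User_jpit_kv`, `AD_Obj_Group_jpit_kv` and `AD_Obj_Computer_jpit_kv` collections will hold directory account data and no metadata change is visible in this diff, so it is worth confirming that the app's `.meta` permissions restrict read and write on them in the same way as on the existing collections.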
@@ -0,0 +1,260 @@
+## Version 4.0 Update - New MS AD Objects Lookups ##
+## -- KVSTore -- ##
+## MS AD Objects - KV Store Lookups ##
+## Configuration State - Lookup ##
+[AD_Obj_Config_State]
+external_type = kvstore
+collection = AD_Obj_Config_State_kv
+fields_list = _key,state,version,last_run
+case_sensitive_match = false
+
+## Getting Started Configuration Wizard - Environment Scope
+[ms_ad_obj_cfg_gs]
+batch_index_query = 0
+case_sensitive_match = 1
+filename = ms_ad_obj_cfg_gs.csv
+## Matching Pre-Version 4.x Name: AD_Obj_Domain_Selector ##
+[AD_Obj_Domain]
+external_type = kvstore
+collection = AD_Obj_Domain_kv
+fields_list = _key,domain,host,DomainNetBIOSName,DomainDNSName,ForestName,Site,time,multi_lkps_enabled,kv_suffix,dc_val,user_lookup,group_lookup,computer_lookup
+case_sensitive_match = false
+
+## Matching Pre-Version 4.x Name: AD_Obj_User_LDAP_list ##
+[AD_Obj_User]
+external_type = kvstore
+collection = AD_Obj_User_LDAP_list_kv
+fields_list = _key,accountExpires,adminCount,badPasswordTime,badPwdCount,c,cn,orig_cn,codePage,countryCode,dSCorePropagationData,dcName,deletedDate,department,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,givenName,guid_lookup,initials,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,lastLogon,lastLogonTimestamp,last_evt_flg,location,lockoutTime,logonCount,logonHours,lookup_usr,managedBy,msDS-SupportedEncryptionTypes,name,objectCategory,objectClass,objectGUID,objectSid,orig_evt_dn,OU,physicalDeliveryOfficeName,postalCode,primaryGroupID,pwdLastSet,sAMAccountName,sAMAccountType,servicePrincipalName,showInAdvancedViewOnly,sid_lookup,sn,st,streetAddress,title,uac_details,uac_bin_map,uSNChanged,uSNCreated,userAccountControl,userPrincipalName,userWorkstations,whenChanged,whenCreated,user_type,time
+case_sensitive_match = false
+
+## Matching Pre-Version 4.x Name: AD_Obj_Computer_LDAP_list ##
+[AD_Obj_Computer]
+external_type = kvstore
+collection = AD_Obj_Computer_LDAP_list_kv
+fields_list = _key,accountExpires,badPasswordTime,badPwdCount,c,cn,orig_cn,codePage,countryCode,dNSHostName,dSCorePropagationData,dcName,deletedDate,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,lastLogon,lastLogonTimestamp,last_evt_flg,localPolicyFlags,logonCount,lookup_cmp,managedBy,msDFSR-ComputerReferenceBL,msDS-SupportedEncryptionTypes,name,objectCategory,objectClass,objectGUID,objectSid,operatingSystem,operatingSystemServicePack,operatingSystemVersion,orig_evt_dn,OU,primaryGroupID,pwdLastSet,rIDSetReferences,sAMAccountName,sAMAccountType,serverReferenceBL,servicePrincipalName,sid_lookup,src_nt_domain,st,uSNChanged,uSNCreated,userAccountControl,whenChanged,whenCreated,time
+case_sensitive_match = false
+
+## Matching Pre-Version 4.x Name: AD_Obj_Group_LDAP_list ##
+[AD_Obj_Group]
+external_type = kvstore
+collection = AD_Obj_Group_LDAP_list_kv
+fields_list = _key,adminCount,c,cn,orig_cn,dSCorePropagationData,dcName,deletedDate,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,groupType,groupType_Name,guid_lookup,instanceType,isCriticalSystemObject,isDeleted,isDistributionList,isRecycled,l,lastKnownParent,last_evt_flg,lookup_grp,managedBy,member,membercount,MSADGroupType,MSADGroupClass,name,objectCategory,objectClass,objectGUID,objectSid,orig_evt_dn,OU,primaryGroupToken,sAMAccountName,sAMAccountType,showInAdvancedViewOnly,sid_lookup,src_nt_domain,st,systemFlags,uSNChanged,uSNCreated,whenChanged,whenCreated,time
+case_sensitive_match = false
+
+## Matching Pre-Vers` ion 4.x Name: AD_Obj_GPO_LDAP_list ##
+[AD_Obj_GPO]
+external_type = kvstore
+collection = AD_Obj_GPO_LDAP_list_kv
+fields_list = _key,cn,deletedDate,displayName,distinguishedName,dn,dn_hist,domain,DomainDNSName,dSCorePropagationData,flags,gpo_link,gPCFileSysPath,gPCFunctionalityVersion,gPCMachineExtensionNames,instanceType,isCriticalSystemObject,isRecycled,isDeleted,lastKnownParent,lc,last_evt_flg,name,objectCategory,objectClass,objectGUID,orig_cn,showInAdvancedViewOnly,systemFlags,uSNChanged,uSNCreated,versionNumber,whenChanged,whenCreated,time
+case_sensitive_match = false
+
+## Matching Pre-Version 4.x Name: AD_Obj_OU_LDAP_list ##
+[AD_Obj_OU]
+external_type = kvstore
+collection = AD_Obj_OU_LDAP_list_kv
+fields_list = _key,c,cn,deletedDate,description,displayName,distinguishedName,dn,dn_hist,domain,DomainDNSName,dSCorePropagationData,gPLink,gpo_link,guid_lookup,host,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,last_evt_flg,Linked_GPO,lookup_ou,managedBy,name,objectCategory,objectClass,objectGUID,orig_cn,orig_evt_dn,OU,q,revision,showInAdvancedViewOnly,st,systemFlags,uSNChanged,uSNCreated,versionNumber,whenChanged,whenCreated,time
+case_sensitive_match = false
+
+## Matching Pre-Version 4.x Name: AD_Obj_Admin_Audit_list ##
+[AD_Obj_Admin_Audit]
+external_type = kvstore
+collection = AD_Obj_Admin_Audit_list_kv
+fields_list = _key,admin_user,admin_domain,last_time_string,last_time_utc
+case_sensitive_match = false
+## Removed for MULTI-DOMAIN KV Split Support ##
+##fields_list = admin_dn,admin_dn_hist,admin_dn_path,admin_cn,admin_objectGUID,admin_userPrincipalName
+
+## Matching Pre-Version 4.x Name: AD_UAC_Details ##
+[AD_Obj_UAC]
+external_type = kvstore
+collection = AD_Obj_UAC_kv
+fields_list = _key,uac_bin_map,uac_details,userAccountControl
+case_sensitive_match = false
+## Removed - [AD_Objects_Queue] - Not Needed with KVStore
+## Removed - [AD_Obj_Group_DL] AD_Obj_Group_DL_LDAP_list ##
+
+## -- csv File -- ##
+## Future Use for Wizards
+[ms_ad_obj_cfg_wiz_nav]
+batch_index_query = 0
+case_sensitive_match = false
+filename = ms_ad_obj_cfg_wiz_nav.csv
+
+## Static and Manual Update Lookup
+[AD_Audit_Sensitive_Groups]
+filename = AD.Audit.Sensitive.Groups.csv
+case_sensitive_match = false
+
+## Static Lookup
+[AD_Audit_Group_Type]
+filename = ms_ad_obj_group_types.csv
+case_sensitive_match = false
+
+[AD_Audit_Group_Details]
+filename = ms_ad_obj_group_details.csv
+case_sensitive_match = false
+
+[AD_Audit_Error_Codes]
+filename = ms_ad_obj_error_codes.csv
+case_sensitive_match = false
+
+[AD_Audit_Logon_Types]
+filename = ms_ad_obj_logon_types.csv
+case_sensitive_match = false
+
+[ms_ad_obj_app_eventcodes]
+filename = ms_ad_obj_app_eventcodes.csv
+case_sensitive_match = false
+
+[AD_Audit_Change_EventCodes]
+batch_index_query = 0
+filename = ms_ad_obj_change_eventcodes.csv
+case_sensitive_match = false
+
+[AD_Audit_Change_EventCodes_Std]
+batch_index_query = 0
+case_sensitive_match = 1
+filename = ms_ad_obj_change_eventcodes_std.csv
+
+[AD_Audit_Change_EventCodes_Adv]
+filename = ms_ad_obj_change_eventcodes_adv.csv
+case_sensitive_match = false
+
+[AD_Audit_Default_Critical_Objects]
+filename = ms_ad_obj_default_critical_objects.csv
+case_sensitive_match = false
+
+[AD_Audit_Logon_Events]
+batch_index_query = 0
+case_sensitive_match = 0
+filename = ms_ad_obj_evt_code_logons.csv
+
+## Extract Information Lookups ##
+[field_info_AD_Obj_User]
+batch_index_query = 0
+case_sensitive_match = false
+filename = ms_ad_obj_field_AD_Obj_User.csv
+
+[field_info_AD_Obj_Computer]
+batch_index_query = 0
+case_sensitive_match = false
+filename = ms_ad_obj_field_AD_Obj_Computer.csv
+
+[field_info_AD_Obj_Group]
+batch_index_query = 0
+case_sensitive_match = false
+filename = ms_ad_obj_field_AD_Obj_Group.csv
+
+[ms_ad_obj_user_rights_map]
+batch_index_query = 0
+case_sensitive_match = false
+filename = ms_ad_obj_user_rights_map.csv
+
+[ms_ad_obj_uac_temp]
+batch_index_query = 0
+filename = ms_ad_obj_uac_temp.csv
+case_sensitive_match = false
+
+[ms_ad_obj_field_list]
+batch_index_query = 0
+case_sensitive_match = false
+filename = ms_ad_obj_lookup_field_lists.csv
+
+[ms_ad_obj_evt_code_desc]
+batch_index_query = 0
+filename = ms_ad_obj_evt_code_desc.csv
+case_sensitive_match = false
+
+[ms_ad_obj_status_icons]
+batch_index_query = 0
+filename = ms_ad_obj_status_icons.csv
+case_sensitive_match = false
+
+## Temp Holder for Multi-Domain Configuration Settings:
+[tmp_ms_obj_md_cfg]
+batch_index_query = 0
+filename = tmp_ms_obj_md_cfg.csv
+case_sensitive_match = false
+
+## Initially Manually Build and then Dynamically Updated Lookups
+[AD_Computer_LDAP_list]
+filename = AD.Computer.LDAP.list.csv
+case_sensitive_match = false
+
+[AD_User_LDAP_list]
+filename = AD.Users.LDAP.list.csv
+case_sensitive_match = false
+
+[AD_Groups_LDAP_list]
+filename = AD.Groups.LDAP.list.csv
+case_sensitive_match = false
+
+[AD_GroupPolicies_LDAP_list]
+filename = AD.GroupPolicies.LDAP.list.csv
+case_sensitive_match = false
+
+[AD_OU_LDAP_list]
+filename = AD.OU.LDAP.list.csv
+case_sensitive_match = false
+
+[AD_Distribution_List_LDAP_list]
+filename = AD.Distribution.Lists.LDAP.list.csv
+case_sensitive_match = false
+
+[AD_Domain_Selector]
+filename = AD.Domain.Selector.list.csv
+case_sensitive_match = false
+
+[AD_Audit_Admin_list]
+filename = AD.Audit.Admin.list.csv
+case_sensitive_match = false
+
+## AD admon Update Queues
+[AD_Objects_Queue_Main]
+filename = AD_Objects_Queue_Main.csv
+case_sensitive_match = false
+
+[AD_UAC_Details]
+filename = AD_UAC_Details.csv
+case_sensitive_match = false
+
+[ms_ad_obj_inputs]
+batch_index_query = 0
+filename = ms_ad_obj_inputs_vals.csv
+case_sensitive_match = false
+
+## Added to extract the Domain DNS Name for ActiveDirectory Data - Required for building lookups and potential use of Multi-Domain Lookup Splitting.##
+[ms_ad_obj_admon_dc_suffix]
+REGEX = (?msi)(?:dcName\=(LDAP\:\/\/|)[a-zA-Z0-9_\-]+)\.([^(\r|\n|\/)]+)
+FORMAT = dc_ldap::$1 dc_suffix::$2
+
+[ms_ad_obj_admon_dc_val]
+REGEX = (?msi)(?:objectCategory\=.*)(?:\,CN\=(Configuration|Deleted\sObjects)\,DC\=)([^(\r|\n|\|)]+)
+FORMAT = dc_category::$1 dc_val::$2
+
+[ms_ad_obj_cs_changed_attributes_values]
+REGEX = (?msi)(?:Additional Details:|Changed Attributes|Attribute:)(?:\s|\n|\r)+([^$]+)
+FORMAT = MSADChangedAttributes::"$1"
+MV_ADD = true
+
+##---------------------------------------------------##
+## Domain: jpit - Lookup Definition
+##---------------------------------------------------##
+## Domain - jpit - User Definition ##
+[AD_Obj_User_jpit]
+external_type = kvstore
+collection = AD_Obj_User_jpit_kv
+fields_list = _key,accountExpires,adminCount,badPasswordTime,badPwdCount,c,cn,orig_cn,codePage,countryCode,dSCorePropagationData,dcName,deletedDate,department,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,givenName,guid_lookup,initials,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,lastLogon,lastLogonTimestamp,last_evt_flg,location,lockoutTime,logonCount,logonHours,lookup_usr,managedBy,msDS-SupportedEncryptionTypes,name,objectCategory,objectClass,objectGUID,objectSid,orig_evt_dn,OU,physicalDeliveryOfficeName,postalCode,primaryGroupID,pwdLastSet,sAMAccountName,sAMAccountType,servicePrincipalName,showInAdvancedViewOnly,sid_lookup,sn,st,streetAddress,title,uac_details,uac_bin_map,uSNChanged,uSNCreated,userAccountControl,userPrincipalName,userWorkstations,whenChanged,whenCreated,user_type,time
+case_sensitive_match = false
+## Domain - jpit - Group Definition ##
+[AD_Obj_Group_jpit]
+external_type = kvstore
+collection = AD_Obj_Group_jpit_kv
+fields_list = _key,adminCount,c,cn,orig_cn,dSCorePropagationData,dcName,deletedDate,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,groupType,groupType_Name,guid_lookup,instanceType,isCriticalSystemObject,isDeleted,isDistributionList,isRecycled,l,lastKnownParent,last_evt_flg,lookup_grp,managedBy,member,membercount,MSADGroupType,MSADGroupClass,name,objectCategory,objectClass,objectGUID,objectSid,orig_evt_dn,OU,primaryGroupToken,sAMAccountName,sAMAccountType,showInAdvancedViewOnly,sid_lookup,src_nt_domain,st,systemFlags,uSNChanged,uSNCreated,whenChanged,whenCreated,time
+case_sensitive_match = false
+## Domain - jpit - Computer Definition ##
+[AD_Obj_Computer_jpit]
+external_type = kvstore
+collection = AD_Obj_Computer_jpit_kv
+fields_list = _key,accountExpires,badPasswordTime,badPwdCount,c,cn,orig_cn,codePage,countryCode,dNSHostName,dSCorePropagationData,dcName,deletedDate,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,lastLogon,lastLogonTimestamp,last_evt_flg,localPolicyFlags,logonCount,lookup_cmp,managedBy,msDFSR-ComputerReferenceBL,msDS-SupportedEncryptionTypes,name,objectCategory,objectClass,objectGUID,objectSid,operatingSystem,operatingSystemServicePack,operatingSystemVersion,orig_evt_dn,OU,primaryGroupID,pwdLastSet,rIDSetReferences,sAMAccountName,sAMAccountType,serverReferenceBL,servicePrincipalName,sid_lookup,src_nt_domain,st,uSNChanged,uSNCreated,userAccountControl,whenChanged,whenCreated,time
+case_sensitive_match = false
\ No newline at end of file
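Review bot: The three REGEX values near the end of local/transforms.conf use character classes as if they were groups: in `[^(\r|\n|\/)]+` and `[^(\r|\n|\|)]+` the parentheses and pipes are literal members of the class, and in `([^$]+)` the `$` is a literal dollar sign rather than an end anchor. For `ms_ad_obj_cs_changed_attributes_values` this means the capture stops at the first `$` in the event, so `MSADChangedAttributes` may be cut short whenever the text contains one (machine account names typically end in `$`); this is worth testing against sample events before relying on the field in audit searches. Suggested forms are `[^\r\n\/]+`, `[^\r\n|]+`, and, if the intent is to capture through the end of the event, `(.+)` under the existing `s` flag. Separately, `case_sensitive_match` is spelled `false`, `0` and `1` in different stanzas; one boolean spelling throughout would make the two case-sensitive lookups (`ms_ad_obj_cfg_gs`, `AD_Audit_Change_EventCodes_Std`) easier to spot and confirm as intentional.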