parent
0e851f4451
commit
bac1c85402
@ -0,0 +1,54 @@
|
||||
## MS AD Objects - KV Store Lookups ##AD_Obj_Domain_kv
|
||||
[AD_Obj_Domain_kv]
|
||||
enforceTypes = false
|
||||
field.last_time_utc = time
|
||||
accelerated_fields.domain = { "domain" : 1 }
|
||||
|
||||
[AD_Obj_User_LDAP_list_kv]
|
||||
enforceTypes = false
|
||||
accelerated_fields.dn = { "dn" : 1 }
|
||||
|
||||
[AD_Obj_Group_LDAP_list_kv]
|
||||
enforceTypes = false
|
||||
accelerated_fields.dn = { "dn" : 1 }
|
||||
accelerated_fields.member = { "member" : 1 }
|
||||
|
||||
[AD_Obj_Computer_LDAP_list_kv]
|
||||
enforceTypes = false
|
||||
accelerated_fields.dn = { "dn" : 1 }
|
||||
|
||||
[AD_Obj_OU_LDAP_list_kv]
|
||||
enforceTypes = false
|
||||
accelerated_fields.dn = { "dn" : 1 }
|
||||
|
||||
[AD_Obj_GPO_LDAP_list_kv]
|
||||
enforceTypes = false
|
||||
accelerated_fields.dn = { "cn" : 1 }
|
||||
|
||||
[AD_Obj_Admin_Audit_list_kv]
|
||||
enforceTypes = false
|
||||
accelerated_fields.admin_user = { "admin_user" : 1 }
|
||||
|
||||
[AD_Obj_UAC_kv]
|
||||
enforceTypes = false
|
||||
|
||||
[AD_Obj_Config_State_kv]
|
||||
enforceTypes = false
|
||||
|
||||
##-----------------------------------------------------------##
|
||||
## Domain: jpit - KVStores
|
||||
##-----------------------------------------------------------##
|
||||
## Domain - jpit - User KVStore ##
|
||||
[AD_Obj_User_jpit_kv]
|
||||
enforceTypes = false
|
||||
accelerated_fields.dn = { "dn" : 1 }
|
||||
## Domain - jpit - Group KVStore ##
|
||||
[AD_Obj_Group_jpit_kv]
|
||||
enforceTypes = false
|
||||
accelerated_fields.dn = { "dn" : 1 }
|
||||
accelerated_fields.member = { "member" : 1 }
|
||||
## Domain - jpit - Computer KVStore ##
|
||||
[AD_Obj_Computer_jpit_kv]
|
||||
enforceTypes = false
|
||||
accelerated_fields.dn = { "dn" : 1 }
|
||||
|
||||
@ -0,0 +1,260 @@
|
||||
## Version 4.0 Update - New MS AD Objects Lookups ##
|
||||
## -- KVSTore -- ##
|
||||
## MS AD Objects - KV Store Lookups ##
|
||||
## Configuration State - Lookup ##
|
||||
[AD_Obj_Config_State]
|
||||
external_type = kvstore
|
||||
collection = AD_Obj_Config_State_kv
|
||||
fields_list = _key,state,version,last_run
|
||||
case_sensitive_match = false
|
||||
|
||||
## Getting Started Configuration Wizard - Environment Scope
|
||||
[ms_ad_obj_cfg_gs]
|
||||
batch_index_query = 0
|
||||
case_sensitive_match = 1
|
||||
filename = ms_ad_obj_cfg_gs.csv
|
||||
## Matching Pre-Version 4.x Name: AD_Obj_Domain_Selector ##
|
||||
[AD_Obj_Domain]
|
||||
external_type = kvstore
|
||||
collection = AD_Obj_Domain_kv
|
||||
fields_list = _key,domain,host,DomainNetBIOSName,DomainDNSName,ForestName,Site,time,multi_lkps_enabled,kv_suffix,dc_val,user_lookup,group_lookup,computer_lookup
|
||||
case_sensitive_match = false
|
||||
|
||||
## Matching Pre-Version 4.x Name: AD_Obj_User_LDAP_list ##
|
||||
[AD_Obj_User]
|
||||
external_type = kvstore
|
||||
collection = AD_Obj_User_LDAP_list_kv
|
||||
fields_list = _key,accountExpires,adminCount,badPasswordTime,badPwdCount,c,cn,orig_cn,codePage,countryCode,dSCorePropagationData,dcName,deletedDate,department,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,givenName,guid_lookup,initials,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,lastLogon,lastLogonTimestamp,last_evt_flg,location,lockoutTime,logonCount,logonHours,lookup_usr,managedBy,msDS-SupportedEncryptionTypes,name,objectCategory,objectClass,objectGUID,objectSid,orig_evt_dn,OU,physicalDeliveryOfficeName,postalCode,primaryGroupID,pwdLastSet,sAMAccountName,sAMAccountType,servicePrincipalName,showInAdvancedViewOnly,sid_lookup,sn,st,streetAddress,title,uac_details,uac_bin_map,uSNChanged,uSNCreated,userAccountControl,userPrincipalName,userWorkstations,whenChanged,whenCreated,user_type,time
|
||||
case_sensitive_match = false
|
||||
|
||||
## Matching Pre-Version 4.x Name: AD_Obj_Computer_LDAP_list ##
|
||||
[AD_Obj_Computer]
|
||||
external_type = kvstore
|
||||
collection = AD_Obj_Computer_LDAP_list_kv
|
||||
fields_list = _key,accountExpires,badPasswordTime,badPwdCount,c,cn,orig_cn,codePage,countryCode,dNSHostName,dSCorePropagationData,dcName,deletedDate,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,lastLogon,lastLogonTimestamp,last_evt_flg,localPolicyFlags,logonCount,lookup_cmp,managedBy,msDFSR-ComputerReferenceBL,msDS-SupportedEncryptionTypes,name,objectCategory,objectClass,objectGUID,objectSid,operatingSystem,operatingSystemServicePack,operatingSystemVersion,orig_evt_dn,OU,primaryGroupID,pwdLastSet,rIDSetReferences,sAMAccountName,sAMAccountType,serverReferenceBL,servicePrincipalName,sid_lookup,src_nt_domain,st,uSNChanged,uSNCreated,userAccountControl,whenChanged,whenCreated,time
|
||||
case_sensitive_match = false
|
||||
|
||||
## Matching Pre-Version 4.x Name: AD_Obj_Group_LDAP_list ##
|
||||
[AD_Obj_Group]
|
||||
external_type = kvstore
|
||||
collection = AD_Obj_Group_LDAP_list_kv
|
||||
fields_list = _key,adminCount,c,cn,orig_cn,dSCorePropagationData,dcName,deletedDate,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,groupType,groupType_Name,guid_lookup,instanceType,isCriticalSystemObject,isDeleted,isDistributionList,isRecycled,l,lastKnownParent,last_evt_flg,lookup_grp,managedBy,member,membercount,MSADGroupType,MSADGroupClass,name,objectCategory,objectClass,objectGUID,objectSid,orig_evt_dn,OU,primaryGroupToken,sAMAccountName,sAMAccountType,showInAdvancedViewOnly,sid_lookup,src_nt_domain,st,systemFlags,uSNChanged,uSNCreated,whenChanged,whenCreated,time
|
||||
case_sensitive_match = false
|
||||
|
||||
## Matching Pre-Vers` ion 4.x Name: AD_Obj_GPO_LDAP_list ##
|
||||
[AD_Obj_GPO]
|
||||
external_type = kvstore
|
||||
collection = AD_Obj_GPO_LDAP_list_kv
|
||||
fields_list = _key,cn,deletedDate,displayName,distinguishedName,dn,dn_hist,domain,DomainDNSName,dSCorePropagationData,flags,gpo_link,gPCFileSysPath,gPCFunctionalityVersion,gPCMachineExtensionNames,instanceType,isCriticalSystemObject,isRecycled,isDeleted,lastKnownParent,lc,last_evt_flg,name,objectCategory,objectClass,objectGUID,orig_cn,showInAdvancedViewOnly,systemFlags,uSNChanged,uSNCreated,versionNumber,whenChanged,whenCreated,time
|
||||
case_sensitive_match = false
|
||||
|
||||
## Matching Pre-Version 4.x Name: AD_Obj_OU_LDAP_list ##
|
||||
[AD_Obj_OU]
|
||||
external_type = kvstore
|
||||
collection = AD_Obj_OU_LDAP_list_kv
|
||||
fields_list = _key,c,cn,deletedDate,description,displayName,distinguishedName,dn,dn_hist,domain,DomainDNSName,dSCorePropagationData,gPLink,gpo_link,guid_lookup,host,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,last_evt_flg,Linked_GPO,lookup_ou,managedBy,name,objectCategory,objectClass,objectGUID,orig_cn,orig_evt_dn,OU,q,revision,showInAdvancedViewOnly,st,systemFlags,uSNChanged,uSNCreated,versionNumber,whenChanged,whenCreated,time
|
||||
case_sensitive_match = false
|
||||
|
||||
## Matching Pre-Version 4.x Name: AD_Obj_Admin_Audit_list ##
|
||||
[AD_Obj_Admin_Audit]
|
||||
external_type = kvstore
|
||||
collection = AD_Obj_Admin_Audit_list_kv
|
||||
fields_list = _key,admin_user,admin_domain,last_time_string,last_time_utc
|
||||
case_sensitive_match = false
|
||||
## Removed for MULTI-DOMAIN KV Split Support ##
|
||||
##fields_list = admin_dn,admin_dn_hist,admin_dn_path,admin_cn,admin_objectGUID,admin_userPrincipalName
|
||||
|
||||
## Matching Pre-Version 4.x Name: AD_UAC_Details ##
|
||||
[AD_Obj_UAC]
|
||||
external_type = kvstore
|
||||
collection = AD_Obj_UAC_kv
|
||||
fields_list = _key,uac_bin_map,uac_details,userAccountControl
|
||||
case_sensitive_match = false
|
||||
## Removed - [AD_Objects_Queue] - Not Needed with KVStore
|
||||
## Removed - [AD_Obj_Group_DL] AD_Obj_Group_DL_LDAP_list ##
|
||||
|
||||
## -- csv File -- ##
|
||||
## Future Use for Wizards
|
||||
[ms_ad_obj_cfg_wiz_nav]
|
||||
batch_index_query = 0
|
||||
case_sensitive_match = false
|
||||
filename = ms_ad_obj_cfg_wiz_nav.csv
|
||||
|
||||
## Static and Manual Update Lookup
|
||||
[AD_Audit_Sensitive_Groups]
|
||||
filename = AD.Audit.Sensitive.Groups.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
## Static Lookup
|
||||
[AD_Audit_Group_Type]
|
||||
filename = ms_ad_obj_group_types.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_Audit_Group_Details]
|
||||
filename = ms_ad_obj_group_details.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_Audit_Error_Codes]
|
||||
filename = ms_ad_obj_error_codes.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_Audit_Logon_Types]
|
||||
filename = ms_ad_obj_logon_types.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[ms_ad_obj_app_eventcodes]
|
||||
filename = ms_ad_obj_app_eventcodes.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_Audit_Change_EventCodes]
|
||||
batch_index_query = 0
|
||||
filename = ms_ad_obj_change_eventcodes.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_Audit_Change_EventCodes_Std]
|
||||
batch_index_query = 0
|
||||
case_sensitive_match = 1
|
||||
filename = ms_ad_obj_change_eventcodes_std.csv
|
||||
|
||||
[AD_Audit_Change_EventCodes_Adv]
|
||||
filename = ms_ad_obj_change_eventcodes_adv.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_Audit_Default_Critical_Objects]
|
||||
filename = ms_ad_obj_default_critical_objects.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_Audit_Logon_Events]
|
||||
batch_index_query = 0
|
||||
case_sensitive_match = 0
|
||||
filename = ms_ad_obj_evt_code_logons.csv
|
||||
|
||||
## Extract Information Lookups ##
|
||||
[field_info_AD_Obj_User]
|
||||
batch_index_query = 0
|
||||
case_sensitive_match = false
|
||||
filename = ms_ad_obj_field_AD_Obj_User.csv
|
||||
|
||||
[field_info_AD_Obj_Computer]
|
||||
batch_index_query = 0
|
||||
case_sensitive_match = false
|
||||
filename = ms_ad_obj_field_AD_Obj_Computer.csv
|
||||
|
||||
[field_info_AD_Obj_Group]
|
||||
batch_index_query = 0
|
||||
case_sensitive_match = false
|
||||
filename = ms_ad_obj_field_AD_Obj_Group.csv
|
||||
|
||||
[ms_ad_obj_user_rights_map]
|
||||
batch_index_query = 0
|
||||
case_sensitive_match = false
|
||||
filename = ms_ad_obj_user_rights_map.csv
|
||||
|
||||
[ms_ad_obj_uac_temp]
|
||||
batch_index_query = 0
|
||||
filename = ms_ad_obj_uac_temp.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[ms_ad_obj_field_list]
|
||||
batch_index_query = 0
|
||||
case_sensitive_match = false
|
||||
filename = ms_ad_obj_lookup_field_lists.csv
|
||||
|
||||
[ms_ad_obj_evt_code_desc]
|
||||
batch_index_query = 0
|
||||
filename = ms_ad_obj_evt_code_desc.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[ms_ad_obj_status_icons]
|
||||
batch_index_query = 0
|
||||
filename = ms_ad_obj_status_icons.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
## Temp Holder for Multi-Domain Configuration Settings:
|
||||
[tmp_ms_obj_md_cfg]
|
||||
batch_index_query = 0
|
||||
filename = tmp_ms_obj_md_cfg.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
## Initially Manually Build and then Dynamically Updated Lookups
|
||||
[AD_Computer_LDAP_list]
|
||||
filename = AD.Computer.LDAP.list.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_User_LDAP_list]
|
||||
filename = AD.Users.LDAP.list.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_Groups_LDAP_list]
|
||||
filename = AD.Groups.LDAP.list.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_GroupPolicies_LDAP_list]
|
||||
filename = AD.GroupPolicies.LDAP.list.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_OU_LDAP_list]
|
||||
filename = AD.OU.LDAP.list.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_Distribution_List_LDAP_list]
|
||||
filename = AD.Distribution.Lists.LDAP.list.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_Domain_Selector]
|
||||
filename = AD.Domain.Selector.list.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_Audit_Admin_list]
|
||||
filename = AD.Audit.Admin.list.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
## AD admon Update Queues
|
||||
[AD_Objects_Queue_Main]
|
||||
filename = AD_Objects_Queue_Main.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[AD_UAC_Details]
|
||||
filename = AD_UAC_Details.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
[ms_ad_obj_inputs]
|
||||
batch_index_query = 0
|
||||
filename = ms_ad_obj_inputs_vals.csv
|
||||
case_sensitive_match = false
|
||||
|
||||
## Added to extract the Domain DNS Name for ActiveDirectory Data - Required for building lookups and potential use of Multi-Domain Lookup Splitting.##
|
||||
[ms_ad_obj_admon_dc_suffix]
|
||||
REGEX = (?msi)(?:dcName\=(LDAP\:\/\/|)[a-zA-Z0-9_\-]+)\.([^(\r|\n|\/)]+)
|
||||
FORMAT = dc_ldap::$1 dc_suffix::$2
|
||||
|
||||
[ms_ad_obj_admon_dc_val]
|
||||
REGEX = (?msi)(?:objectCategory\=.*)(?:\,CN\=(Configuration|Deleted\sObjects)\,DC\=)([^(\r|\n|\|)]+)
|
||||
FORMAT = dc_category::$1 dc_val::$2
|
||||
|
||||
[ms_ad_obj_cs_changed_attributes_values]
|
||||
REGEX = (?msi)(?:Additional Details:|Changed Attributes|Attribute:)(?:\s|\n|\r)+([^$]+)
|
||||
FORMAT = MSADChangedAttributes::"$1"
|
||||
MV_ADD = true
|
||||
|
||||
##---------------------------------------------------##
|
||||
## Domain: jpit - Lookup Definition
|
||||
##---------------------------------------------------##
|
||||
## Domain - jpit - User Definition ##
|
||||
[AD_Obj_User_jpit]
|
||||
external_type = kvstore
|
||||
collection = AD_Obj_User_jpit_kv
|
||||
fields_list = _key,accountExpires,adminCount,badPasswordTime,badPwdCount,c,cn,orig_cn,codePage,countryCode,dSCorePropagationData,dcName,deletedDate,department,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,givenName,guid_lookup,initials,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,lastLogon,lastLogonTimestamp,last_evt_flg,location,lockoutTime,logonCount,logonHours,lookup_usr,managedBy,msDS-SupportedEncryptionTypes,name,objectCategory,objectClass,objectGUID,objectSid,orig_evt_dn,OU,physicalDeliveryOfficeName,postalCode,primaryGroupID,pwdLastSet,sAMAccountName,sAMAccountType,servicePrincipalName,showInAdvancedViewOnly,sid_lookup,sn,st,streetAddress,title,uac_details,uac_bin_map,uSNChanged,uSNCreated,userAccountControl,userPrincipalName,userWorkstations,whenChanged,whenCreated,user_type,time
|
||||
case_sensitive_match = false
|
||||
## Domain - jpit - Group Definition ##
|
||||
[AD_Obj_Group_jpit]
|
||||
external_type = kvstore
|
||||
collection = AD_Obj_Group_jpit_kv
|
||||
fields_list = _key,adminCount,c,cn,orig_cn,dSCorePropagationData,dcName,deletedDate,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,groupType,groupType_Name,guid_lookup,instanceType,isCriticalSystemObject,isDeleted,isDistributionList,isRecycled,l,lastKnownParent,last_evt_flg,lookup_grp,managedBy,member,membercount,MSADGroupType,MSADGroupClass,name,objectCategory,objectClass,objectGUID,objectSid,orig_evt_dn,OU,primaryGroupToken,sAMAccountName,sAMAccountType,showInAdvancedViewOnly,sid_lookup,src_nt_domain,st,systemFlags,uSNChanged,uSNCreated,whenChanged,whenCreated,time
|
||||
case_sensitive_match = false
|
||||
## Domain - jpit - Computer Definition ##
|
||||
[AD_Obj_Computer_jpit]
|
||||
external_type = kvstore
|
||||
collection = AD_Obj_Computer_jpit_kv
|
||||
fields_list = _key,accountExpires,badPasswordTime,badPwdCount,c,cn,orig_cn,codePage,countryCode,dNSHostName,dSCorePropagationData,dcName,deletedDate,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,lastLogon,lastLogonTimestamp,last_evt_flg,localPolicyFlags,logonCount,lookup_cmp,managedBy,msDFSR-ComputerReferenceBL,msDS-SupportedEncryptionTypes,name,objectCategory,objectClass,objectGUID,objectSid,operatingSystem,operatingSystemServicePack,operatingSystemVersion,orig_evt_dn,OU,primaryGroupID,pwdLastSet,rIDSetReferences,sAMAccountName,sAMAccountType,serverReferenceBL,servicePrincipalName,sid_lookup,src_nt_domain,st,uSNChanged,uSNCreated,userAccountControl,whenChanged,whenCreated,time
|
||||
case_sensitive_match = false
|
||||
Loading…
Reference in new issue