AD security group members to CDB list

[German DiCasas]

Hi team,

There are any way to sync the useres from a group over  active directory to a list CDB? I mean, I want to have a CDB list with all the members of a security group , it is posible? 

The idea is to dectect on wazuh all the members of a security group of AD that do specific actions like RDP or some cmd commands.

Let me know if there are any way to sync those members to CDB, thanks

Regards,

German

[John Soliani]

Hello German,

You can create a CDB list and name it sysadmins with all the security group sysadmins members and then use the CDB List to trigger alerts, yes.
Let’s clarify that the CDB stands for Constant DataBase lists, so every time you make changes to the security groups, you will need to modify the CDB list and restart the manager/s to apply the change manually and your use case seams to be dynamic rather than constant.
The sync between the AD security group users and the CDB lists could be done with a script but you will need to restart the manager/s either way.
I’ve found that the dsquery command gives you the list of members of a group:

• dsquery group -samid "Group_SAM_Account_Name" | dsget group -members -expand

• dsquery group -name "Group Account Name" | dsget group -members -expand

If you do not make too many changes to the security groups, this could be practical.

Hope this helps!

​

[German DiCasas]

Jhon, 

Thanks for the reply. So, need to be done by script to get and put over CDB, understood. I was hoping wazuh 4.8 would have something specific :)

Regards

German