Response in Active Directory
Event field name | Field value |
DeviceAction |
|
DeviceFacility |
|
EventOutcome |
|
SourceTranslatedAddress | This field contains the value of the HTTP header x-real-ip or x-forwarded-for. If these headers are absent, the field will be empty. |
SourceAddress | The address from which the user logged in. If the user logged in using a proxy, there will be a proxy address. |
SourcePort | Port from which the user logged in. If the user logged in using a proxy, there will be a port on the proxy side. |
SourceUserName | User login that was used to change the tenant data. |
SourceUserID | User ID that was used to change the tenant data. |
DeviceCustomString3 | Response rule name: CHANGE_PASSWORD, ADD_TO_GROUP, REMOVE_FROM_GROUP, BLOCK_USER. |
DeviceCustomString3Label |
|
DeviceCustomString5 | Tenant ID. |
DeviceCustomString5Label |
|
DeviceCustomString6 | Tenant name. |
DeviceCustomString6Label |
|
DestinationUserName | The Active Directory user account to which the response is invoked (sAMAccountName). |
DestinationNtDomain | Domain of the Active Directory user account to which the response is invoked. |
DestinationUserID | Account UUID in KUMA. |
FlexString1 | Information about the group where the user was added or deleted. |
FlexString1Label |
|