Azure Sentinel Incident Field Mapping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2024 08:35 AM
Hi all,
I have installed Microsoft Azure Sentinel Incident Ingestion Integration For Security Operations.
I have mapped the ${Account: properties(accountName)}$ from the Account Entity Fields to the Affected user within the Azure Sentinel Incident Profile.
The accountName is listed as an Employee number but I need this as a Name. I have attempted this within the Azure Sentinel Field Translation but it's not populating the Name.
var user = new GlideRecord('sys_user');
user.addQuery('employee_number', sourceValue);
user.query();
while (user.next()) {
destinationValue = user.sys_id;
}
Any help would be much appreciated.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2024 03:41 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2024 03:54 AM
Hi Vamshi,
No unfortunately not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2024 04:19 AM
@Karlie01 have you configured anything if we are getting multiple account entities for affected user?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2024 05:57 AM
No the examples that I was provided only contained one account entry, but this would need to be considered.
