This example assumes that you have a pre-populated active list that maps user identifiers from various sources (badge ID, user login, e-mail, phone number) to unique user IDs (UUIDs). For the purposes of the example, we are interested in correlating badge IDs and user logins for users who log into critical servers. The active list (populated with our list of users) provides the “User Map” we need to derive each user’s unique ID.
The active list definition includes the following two fields, with names and types as shown. "User Identifier" is set as the key field; it is the value available in incoming events (badge swipes and user logins). Each user identifier is mapped to a UUID. Assume, for this example, that we got this mapping from IT or Human Resources departments. The UUID value is the information we'll want to extract from this list via a variable.
Field Names for Session Lists | Type | Key Fields |
---|---|---|
User Identifier | String | Enabled |
UUID | String | |
The unique user ID (UUID) that the user identifier maps to is provided here through an LDAP system or some other data source. This is the focus of the active list: to map various user IDs to the UUID. The UUID will then be used as a variable in a rule.
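The lookup described above, modeled in Python as an added illustration (this is not ArcSight configuration or product code). The identifiers, UUID values, server names and event fields are constructed for the example, and the lookup is assumed to be an exact match on the key field.

```python
from collections import defaultdict

# Constructed stand-in for the "User Map" active list:
# key field "User Identifier" -> value field "UUID".
USER_MAP = {
    "badge-10442": "uuid-0001",
    "jdoe": "uuid-0001",
    "jdoe@example.com": "uuid-0001",
    "badge-20917": "uuid-0002",
    "asmith": "uuid-0002",
}

# Hypothetical set of servers treated as critical.
CRITICAL_SERVERS = {"db-prod-01"}

# Constructed sample events (badge swipes and user logins).
EVENTS = [
    {"type": "badge_swipe", "user_identifier": "badge-10442", "target": "hq-door-3"},
    {"type": "login", "user_identifier": "jdoe", "target": "db-prod-01"},
    {"type": "login", "user_identifier": "asmith", "target": "wiki-01"},
    {"type": "login", "user_identifier": "svc-backup", "target": "db-prod-01"},
    {"type": "badge_swipe", "user_identifier": "badge-20917", "target": "hq-door-1"},
]


def resolve_uuid(identifier, user_map=USER_MAP):
    """Key-field lookup: return the UUID for an identifier, or None if no entry exists."""
    return user_map.get(identifier)


def correlate(events, user_map=USER_MAP, critical=CRITICAL_SERVERS):
    """Group events by UUID and keep only users who logged into a critical server.

    Returns (groups, unmapped): groups maps UUID -> {"badge_swipe": [...], "login": [...]},
    unmapped lists identifiers that have no entry in the map.
    """
    by_uuid = defaultdict(lambda: {"badge_swipe": [], "login": []})
    unmapped = []
    for ev in events:
        uuid = resolve_uuid(ev["user_identifier"], user_map)
        if uuid is None:
            # No list entry: the event cannot be tied to a person, so surface it.
            unmapped.append(ev["user_identifier"])
            continue
        by_uuid[uuid][ev["type"]].append(ev)
    groups = {
        uuid: group
        for uuid, group in by_uuid.items()
        if any(ev["target"] in critical for ev in group["login"])
    }
    return groups, unmapped
```

Identifiers that miss the map (here the constructed `svc-backup` account) are returned separately, since a login with no UUID cannot be correlated with any badge activity.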