I tried to retrieve assets information of ldap so I used the search (I know that I must not to use search nt_host...)
"|ldapsearch domain=XXX search="(&(objectClass=computer))"
|eval city=""
|eval country=""
|eval priority="medium"
|eval category="normal"
|eval dns=dNSHostName
|eval owner=managedBy
|rex field=sAMAccountName mode=sed "s/\$//g"
|eval nt_host=sAMAccountName |search nt_host=segurinfo
|makemv delim="," dn
|rex field=dn "(OU|CN)\=(?.+)"
|table Source_Address,mac,nt_host,dns,owner,priority,lat,long,city,country,bunit,category,pci_domain,is_expected,should_timesync,should_update,requires_av"
and I have the table but I the IP is not because I do not use static IP so I think is possible to use the security logs that I have but I do not how can i correlate it.
I used the next search for nt_host=segurinfo: index="wineventlog" Workstation_Name=segurinfo and I see in the logs the information that I need.
... View more