Active Directory

Microsoft on-premises Active Directory integration that allows A-Ops to authenticate against a domain and perform LDAP queries.

Triggers

AD Asset Discovery

Discover assets within an Active Directory.

Input

Name | Description | Type | Required | Syntax
_id | Unique identifier of object. | input | False | False
Name | Display name for the trigger object. | input | False | False
Enabled | Enable / disable this trigger object. | checkbox | False | False
Variables | Variables to define when triggering an event. | var | False | True
Schedule | How often to run the flow, e.g. 10s - every 10 seconds; 1-5h - random start between 1 and 5 hours; */5 * * * * - every 5 minutes. | input | False | False
Max Duration | The number of seconds a flow can run before it is automatically killed and/or considered dead and restarted. | input | False | False
Search Base | LDAP search base, e.g. DC=domain,DC=local | input | True | False
Search Filter | LDAP search filter, e.g. (&(objectClass=person)(objectClass=user)) | input | False | False
Username | Username to use when connecting to the defined Active Directory. | input | True | False
Password | Password for the defined username when connecting to the defined Active Directory. | password-input | True | False
Domain Name | Domain name of the domain being connected to. | input | True | False
Server | LDAP server address to connect to. | input | True | False
LDAPS | When checked, SSL/TLS (LDAPS) is used when connecting to the defined LDAP server. | checkbox | True | False
Search Period | How far back to look for assets, using the lastLogonTimestamp attribute. A numeric value in the units defined by Search Period Units. | input | True | False
Search Period Units | The units for the search period. | dropdown | True | False
Comment | User-defined comments. | input | False | False
Concurrency | How many events to run through the flow at once. | input | False | False
Take Snapshots | When checked, a snapshot of every execution is saved. | checkbox | False | False
Max Retries | The number of times a failing trigger is automatically retried. | input | False | False
Retry Delay | Delay between a failure and automatically retrying a failing trigger. | input | False | False
On Trigger Crash | Trigger ID to call when a trigger crashes. | input | False | False
On Trigger Killed | Trigger ID to call when a trigger overruns its Max Duration and is killed. | input | False | False
Fail Trigger On Action Crash | When true, the entire flow crashes if a single action crashes. | group-checkbox | False | False
On Action Crash | Trigger ID to call when an action crashes and Fail Trigger On Action Crash is checked. | input | False | False

Actions

AD Add User to Group

Add a defined user as a member of a defined group.

Input

Name | Description | Type | Required | Syntax
_id | Unique identifier of object. | input | False | False
Name | Display name for the action object. | input | False | False
Enabled | Enable / disable this action object. | checkbox | False | False
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | False | False
Variables | Variables to define when triggering an event. | var | False | True
Target User | The user object to add to the target group. | input | True | True
Target Group | The group to which the user will be added as a member. | input | True | True
Username | Username to use when connecting to the defined Active Directory. | input | True | True
Password | Password for the defined username when connecting to the defined Active Directory. | password-input | True | False
Domain Name | Domain name of the domain being connected to. | input | True | True
Server | LDAP server address to connect to. | input | True | True
LDAPS | When checked, SSL/TLS (LDAPS) is used when connecting to the defined LDAP server. | checkbox | True | False
Comment | User-defined comments. | input | False | False

Output

Name | Description | Type | always_present | values
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}}
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}}

AD Remove User from Group

Remove a user from an AD group.

Input

Name | Description | Type | Required | Syntax
_id | Unique identifier of object. | input | False | False
Name | Display name for the action object. | input | False | False
Enabled | Enable / disable this action object. | checkbox | False | False
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | False | False
Variables | Variables to define when triggering an event. | var | False | True
Target User | The user object to remove from the target group. | input | True | True
Target Group | The group from which the user will be removed as a member. | input | True | True
Username | Username to use when connecting to the defined Active Directory. | input | True | True
Password | Password for the defined username when connecting to the defined Active Directory. | password-input | True | False
Domain Name | Domain name of the domain being connected to. | input | True | True
Server | LDAP server address to connect to. | input | True | True
LDAPS | When checked, SSL/TLS (LDAPS) is used when connecting to the defined LDAP server. | checkbox | True | False
Comment | User-defined comments. | input | False | False

Output

Name | Description | Type | always_present | values
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}}
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}}

AD Reset User Password

Reset the password for a given user within Active Directory.

Input

Name | Description | Type | Required | Syntax
_id | Unique identifier of object. | input | False | False
Name | Display name for the action object. | input | False | False
Enabled | Enable / disable this action object. | checkbox | False | False
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | False | False
Variables | Variables to define when triggering an event. | var | False | True
Target User | The user object whose password is reset. | input | True | True
New Password | The value the target user's password is reset to. | input | True | True
Username | Username to use when connecting to the defined Active Directory. | input | True | True
Password | Password for the defined username when connecting to the defined Active Directory. | password-input | True | False
Domain Name | Domain name of the domain being connected to. | input | True | True
Server | LDAP server address to connect to. | input | True | True
LDAPS | When checked, SSL/TLS (LDAPS) is used when connecting to the defined LDAP server. | checkbox | True | False
Comment | User-defined comments. | input | False | False

Output

Name | Description | Type | always_present | values
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}}
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}}

AD Create User

Create a new user within Active Directory.

Input

Name | Description | Type | Required | Syntax
_id | Unique identifier of object. | input | False | False
Name | Display name for the action object. | input | False | False
Enabled | Enable / disable this action object. | checkbox | False | False
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | False | False
Variables | Variables to define when triggering an event. | var | False | True
New Username | The username for the new user. | input | True | True
New Password | Password to set for the new user after it is created. | password-input | True | True
User Attributes | Dictionary of attributes (key, value pairs) to define on the new user. | json-input | True | True
Username | Username to use when connecting to the defined Active Directory. | input | True | True
Password | Password for the defined username when connecting to the defined Active Directory. | password-input | True | False
Domain Name | Domain name of the domain being connected to. | input | True | True
Server | LDAP server address to connect to. | input | True | True
LDAPS | When checked, SSL/TLS (LDAPS) is used when connecting to the defined LDAP server. | checkbox | True | False
Comment | User-defined comments. | input | False | False

Output

Name | Description | Type | always_present | values
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}}
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}}
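
The two actions AD Create User and AD Reset User Password share one detail that the tables above only hint at through the LDAPS checkbox: Active Directory accepts a password write only as the unicodePwd attribute (the value in double quotes, UTF-16-LE encoded) and only over an encrypted connection. The example below is an added illustration, not the integration's own code: it encodes the password that way, validates the New Username as a sAMAccountName, and merges the User Attributes JSON with the attributes a user object must have. The function names, the users_container argument and the sample values are assumptions. ldap3 is deliberately not imported so the block runs offline; the returned DN and attribute dictionary are what you would hand to ldap3's Connection.add(), and the encoded password to Connection.modify() or extend.microsoft.modify_password().

```python
"""Constructed helpers for AD Create User / AD Reset User Password (example only)."""

SAM_ACCOUNT_NAME_MAX = 20                  # pre-Windows 2000 logon name limit for users
SAM_FORBIDDEN = set('"/\\[]:;|=,+*?<>@')   # characters AD rejects in sAMAccountName
DN_SPECIAL = set(',+"\\<>;=')               # characters that must be escaped in a DN value


def encode_unicode_pwd(password: str) -> bytes:
    """Password in the form AD requires for unicodePwd: quoted, UTF-16-LE.
    The domain controller refuses this write on a plain-text connection,
    which is why both actions need the LDAPS checkbox."""
    if not password:
        raise ValueError("password must not be empty")
    return f'"{password}"'.encode("utf-16-le")


def sam_account_name_problems(name: str) -> list:
    """Reasons a New Username is not a valid sAMAccountName (empty list = valid)."""
    problems = []
    if not name or len(name) > SAM_ACCOUNT_NAME_MAX:
        problems.append(f"must be 1-{SAM_ACCOUNT_NAME_MAX} characters")
    bad = SAM_FORBIDDEN.intersection(name or "")
    if bad:
        problems.append(f"contains forbidden characters: {''.join(sorted(bad))}")
    return problems


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping so a cn containing ',' or '=' cannot alter the DN."""
    out = "".join("\\" + ch if ch in DN_SPECIAL else ch for ch in value)
    if out.startswith((" ", "#")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def build_new_user(new_username: str, domain: str, user_attributes: dict,
                   users_container: str):
    """Return (dn, attributes) for the add. The required attributes are
    applied last, so a supplied objectClass or sAMAccountName in the User
    Attributes JSON cannot replace them. users_container is an assumption
    (the action's input table names no OU)."""
    problems = sam_account_name_problems(new_username)
    if problems:
        raise ValueError("invalid New Username: " + "; ".join(problems))
    attrs = dict(user_attributes or {})
    # The password is never part of the add: the object is created (disabled
    # by default), the password is then set over LDAPS, and only then is the
    # account enabled.
    for key in ("unicodePwd", "userPassword"):
        attrs.pop(key, None)
    attrs.update({
        "objectClass": ["top", "person", "organizationalPerson", "user"],
        "sAMAccountName": new_username,
        "userPrincipalName": f"{new_username}@{domain}",
    })
    cn = attrs.setdefault("cn", new_username)
    dn = f"CN={escape_dn_value(cn)},{users_container}"
    return dn, attrs


if __name__ == "__main__":
    dn, attrs = build_new_user("jdoe", "example.local", {"givenName": "Jane"},
                               "CN=Users,DC=example,DC=local")
    print(dn, attrs)
    print(encode_unicode_pwd("example-only-password"))
```

The order of operations in the comment is the one that matters operationally: the add succeeds without a password, the password write needs LDAPS, and the account stays disabled until the password has been set.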

AD Create Group

Create a new group within Active Directory.

Input

Name | Description | Type | Required | Syntax
_id | Unique identifier of object. | input | False | False
Name | Display name for the action object. | input | False | False
Enabled | Enable / disable this action object. | checkbox | False | False
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | False | False
Variables | Variables to define when triggering an event. | var | False | True
Username | Username to use when connecting to the defined Active Directory. | input | True | True
Password | Password for the defined username when connecting to the defined Active Directory. | password-input | True | False
Domain Name | Domain name of the domain being connected to. | input | True | True
Server | LDAP server address to connect to. | input | True | True
LDAPS | When checked, SSL/TLS (LDAPS) is used when connecting to the defined LDAP server. | checkbox | True | False
Comment | User-defined comments. | input | False | False

Output

Name | Description | Type | always_present | values
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}}
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}}

AD Enable User

Enable a disabled user account.

Input

Name | Description | Type | Required | Syntax
_id | Unique identifier of object. | input | False | False
Name | Display name for the action object. | input | False | False
Enabled | Enable / disable this action object. | checkbox | False | False
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | False | False
Variables | Variables to define when triggering an event. | var | False | True
Target User | The user object to enable. | input | True | True
Username | Username to use when connecting to the defined Active Directory. | input | True | True
Password | Password for the defined username when connecting to the defined Active Directory. | password-input | True | False
Domain Name | Domain name of the domain being connected to. | input | True | True
Server | LDAP server address to connect to. | input | True | True
LDAPS | When checked, SSL/TLS (LDAPS) is used when connecting to the defined LDAP server. | checkbox | True | False
Comment | User-defined comments. | input | False | False

Output

Name | Description | Type | always_present | values
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}}
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}}

AD Disable User

Disable an enabled user within Active Directory.

Input

Name | Description | Type | Required | Syntax
_id | Unique identifier of object. | input | False | False
Name | Display name for the action object. | input | False | False
Enabled | Enable / disable this action object. | checkbox | False | False
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | False | False
Variables | Variables to define when triggering an event. | var | False | True
Target User | The user object to disable. | input | True | True
Username | Username to use when connecting to the defined Active Directory. | input | True | True
Password | Password for the defined username when connecting to the defined Active Directory. | password-input | True | False
Domain Name | Domain name of the domain being connected to. | input | True | True
Server | LDAP server address to connect to. | input | True | True
LDAPS | When checked, SSL/TLS (LDAPS) is used when connecting to the defined LDAP server. | checkbox | True | False
Comment | User-defined comments. | input | False | False

Output

Name | Description | Type | always_present | values
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}}
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}}
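
AD Enable User and AD Disable User both come down to one bit, ACCOUNTDISABLE, in the userAccountControl integer, and the other bits the account carries (DONT_EXPIRE_PASSWORD, SMARTCARD_REQUIRED, and so on) must survive the write. The following is an added example, not the integration's code: it decodes a userAccountControl value, flips only the disable bit, and lists the flags a reviewer should see before an account is re-enabled. The function names and the WEAK_FLAGS policy are assumptions; the bit values are Microsoft's documented ADS_USER_FLAG values. ldap3 is not imported so the block runs offline; the integer is what you read with ldap3's Connection.search() (attributes=['userAccountControl']) and the change dictionary is what you pass to Connection.modify(), with MODIFY_REPLACE written out as the string ldap3 defines it as.

```python
"""Constructed userAccountControl helpers for AD Enable User / AD Disable User (example only)."""

# Bit values of userAccountControl (Microsoft ADS_USER_FLAG enumeration).
UAC_FLAGS = {
    "SCRIPT": 0x0001,
    "ACCOUNTDISABLE": 0x0002,
    "LOCKOUT": 0x0010,
    "PASSWD_NOTREQD": 0x0020,
    "PASSWD_CANT_CHANGE": 0x0040,
    "NORMAL_ACCOUNT": 0x0200,
    "DONT_EXPIRE_PASSWORD": 0x10000,
    "SMARTCARD_REQUIRED": 0x40000,
    "TRUSTED_FOR_DELEGATION": 0x80000,
    "NOT_DELEGATED": 0x100000,
    "USE_DES_KEY_ONLY": 0x200000,
    "DONT_REQ_PREAUTH": 0x400000,
    "PASSWORD_EXPIRED": 0x800000,
    "TRUSTED_TO_AUTH_FOR_DELEGATION": 0x1000000,
}
ACCOUNTDISABLE = UAC_FLAGS["ACCOUNTDISABLE"]

# Flags that weaken authentication for the account; worth surfacing before an
# enable. This list is an assumed policy, not something AD defines.
WEAK_FLAGS = ("PASSWD_NOTREQD", "DONT_REQ_PREAUTH", "USE_DES_KEY_ONLY",
              "TRUSTED_FOR_DELEGATION", "DONT_EXPIRE_PASSWORD")


def decode_uac(value: int) -> list:
    """Names of the flags set in a userAccountControl value, lowest bit first."""
    return [name for name, bit in sorted(UAC_FLAGS.items(), key=lambda kv: kv[1])
            if value & bit]


def is_enabled(value: int) -> bool:
    return not value & ACCOUNTDISABLE


def set_enabled(value: int, enabled: bool) -> int:
    """Clear or set ACCOUNTDISABLE and keep every other bit as read.
    Writing a fixed 512 instead would silently strip flags such as
    DONT_EXPIRE_PASSWORD or SMARTCARD_REQUIRED from the account."""
    return value & ~ACCOUNTDISABLE if enabled else value | ACCOUNTDISABLE


def weak_flags(value: int) -> list:
    """Subset of WEAK_FLAGS present on the account."""
    return [name for name in WEAK_FLAGS if value & UAC_FLAGS[name]]


def uac_modification(current: int, enabled: bool) -> dict:
    """ldap3 'changes' dict for Connection.modify(dn, changes). Empty when the
    account is already in the requested state, so no LDAP write is issued.
    The value is sent as a string, which is how the attribute is encoded."""
    new_value = set_enabled(current, enabled)
    if new_value == current:
        return {}
    return {"userAccountControl": [("MODIFY_REPLACE", [str(new_value)])]}


if __name__ == "__main__":
    current = 0x10000 | 512 | 2          # disabled, normal account, password never expires
    print(decode_uac(current))
    print(weak_flags(current))
    print(uac_modification(current, enabled=True))
```

A useful habit for the enable path is to log decode_uac() of the value before and after the write; the two lists differ only by ACCOUNTDISABLE when the action did what it should.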

AD Delete User

Delete a user account within Active Directory.

Input

Name | Description | Type | Required | Syntax
_id | Unique identifier of object. | input | False | False
Name | Display name for the action object. | input | False | False
Enabled | Enable / disable this action object. | checkbox | False | False
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | False | False
Variables | Variables to define when triggering an event. | var | False | True
Target User | The user object to delete. | input | True | True
Username | Username to use when connecting to the defined Active Directory. | input | True | True
Password | Password for the defined username when connecting to the defined Active Directory. | password-input | True | False
Domain Name | Domain name of the domain being connected to. | input | True | True
Server | LDAP server address to connect to. | input | True | True
LDAPS | When checked, SSL/TLS (LDAPS) is used when connecting to the defined LDAP server. | checkbox | True | False
Comment | User-defined comments. | input | False | False

Output

Name | Description | Type | always_present | values
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}}
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}}

Search for objects within Active Directory based on an LDAP search filter.

Input

Name | Description | Type | Required | Syntax
_id | Unique identifier of object. | input | False | False
Name | Display name for the action object. | input | False | False
Enabled | Enable / disable this action object. | checkbox | False | False
Logic | Logic that, when defined, must evaluate to true for the action object to return True; otherwise False is returned. | input | False | False
Variables | Variables to define when triggering an event. | var | False | True
Search Base | LDAP search base, e.g. DC=domain,DC=local | input | True | True
Search Filter | LDAP search filter, e.g. (&(objectClass=person)(objectClass=user)) | input | True | True
Username | Username to use when connecting to the defined Active Directory. | input | True | True
Password | Password for the defined username when connecting to the defined Active Directory. | password-input | True | False
Domain Name | Domain name of the domain being connected to. | input | True | True
Server | LDAP server address to connect to. | input | True | True
LDAPS | When checked, SSL/TLS (LDAPS) is used when connecting to the defined LDAP server. | checkbox | True | False
Comment | User-defined comments. | input | False | False

Output

Name | Description | Type | always_present | values
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}}
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}}
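
The Search Filter of this action, like the one on the AD Asset Discovery trigger, has Syntax enabled, so in practice it is often assembled from flow Variables (a username taken from a ticket, a hostname from an alert). Any such value has to be escaped per RFC 4515 before it is placed in the filter; otherwise the value itself can widen or rewrite the query. The example below is added here and is not the integration's code: it escapes a value, checks that an operator-supplied filter is one balanced expression, and ANDs the two together. The strings it returns are what you would pass as search_filter to ldap3's Connection.search(); ldap3 is not imported so the block runs offline. Function names are assumptions.

```python
"""Constructed LDAP filter helpers for the search action and trigger (example only)."""
import re

# Attribute descriptions by name (with optional ;options); numeric OIDs are
# deliberately not accepted here.
_ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*(;[A-Za-z0-9-]+)*$")


def escape_filter_value(value: str) -> str:
    """RFC 4515: backslash, '*', '(', ')' and NUL become \\XX; non-ASCII is
    escaped byte-wise so the resulting filter is plain ASCII."""
    out = []
    for ch in value:
        if ch in "\\*()\x00" or ord(ch) > 0x7F:
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def check_filter_syntax(ldap_filter: str) -> str:
    """Structural check for an operator-supplied Search Filter: exactly one
    parenthesised expression with balanced parentheses. Parentheses inside
    properly escaped values appear as \\28 / \\29, so raw ones are always
    structural."""
    f = ldap_filter.strip()
    if not (f.startswith("(") and f.endswith(")")):
        raise ValueError("filter must be wrapped in parentheses")
    depth = 0
    for i, ch in enumerate(f):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != len(f) - 1):
                raise ValueError("unbalanced parentheses or more than one top-level expression")
    if depth != 0:
        raise ValueError("unbalanced parentheses")
    return f


def is_valid_filter_syntax(ldap_filter: str) -> bool:
    try:
        check_filter_syntax(ldap_filter)
        return True
    except ValueError:
        return False


def build_search_filter(base_filter: str, constraints: dict) -> str:
    """AND the operator's Search Filter with attribute=value constraints whose
    values come from Variables. Values are escaped and attribute names
    validated, so a username of 'svc*)(objectClass=*' matches only an account
    literally named that, rather than every object under the Search Base."""
    parts = [check_filter_syntax(base_filter)]
    for attr, value in constraints.items():
        if not _ATTR_RE.match(attr):
            raise ValueError(f"invalid attribute name: {attr!r}")
        parts.append(f"({attr}={escape_filter_value(str(value))})")
    if len(parts) == 1:
        return parts[0]
    return "(&" + "".join(parts) + ")"


if __name__ == "__main__":
    # Constructed input: a value that would otherwise change the query's shape.
    print(build_search_filter("(&(objectClass=person)(objectClass=user))",
                              {"sAMAccountName": "svc*)(objectClass=*"}))
```

The structural check is intentionally cheap; the directory still parses the filter and rejects anything it does not understand. Its purpose is to fail a badly templated filter in the flow, with a readable error, rather than after a round trip to the domain controller.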

AD Set Object Attribute

Sets an attribute value on a given object.

Input

Name | Description | Type | Required | Syntax
Target Object | The object on which to update the attribute. | input | True | True
Attribute | Attribute on the object to update. | input | True | True
Value | Value to set on the given attribute. | input | True | True
Username | Username to use when connecting to the defined Active Directory. | input | True | True
Password | Password for the defined username when connecting to the defined Active Directory. | password-input | True | False
Domain Name | Domain name of the domain being connected to. | input | True | True
Server | LDAP server address to connect to. | input | True | True
LDAPS | When checked, SSL/TLS (LDAPS) is used when connecting to the defined LDAP server. | checkbox | True | False

Output

Name | Description | Type | always_present | values
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}}
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}}

AD Set Account Expiry

Sets the account expiry from a supplied epoch timestamp.

Input

Name | Description | Type | Required | Syntax
Target Object | The object on which to set the expiry. | input | True | True
Epoch Value | Epoch timestamp of when the account should expire. | input | True | True
Username | Username to use when connecting to the defined Active Directory. | input | True | True
Password | Password for the defined username when connecting to the defined Active Directory. | password-input | True | False
Domain Name | Domain name of the domain being connected to. | input | True | True
Server | LDAP server address to connect to. | input | True | True
LDAPS | When checked, SSL/TLS (LDAPS) is used when connecting to the defined LDAP server. | checkbox | True | False

Output

Name | Description | Type | always_present | values
result | Returns True when successful. | boolean | True | {"True": {"description": "Successful."}, "False": {"description": "Failure."}}
rc | Returns the exit code for the action. | number | True | {"0": {"description": "Successful."}}
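
AD Set Account Expiry and the Search Period of the AD Asset Discovery trigger both translate between Unix epoch seconds and the Windows FILETIME format that AD stores in accountExpires and lastLogonTimestamp (100-nanosecond intervals since 1601-01-01 UTC). The block below is an added example, not the integration's code: it converts in both directions, produces the accountExpires value for an Epoch Value, builds the lastLogonTimestamp clause for a Search Period, and flags a period shorter than the replication granularity of lastLogonTimestamp. Function names and the unit labels in UNIT_SECONDS are assumptions (the trigger's dropdown may use different labels); the two "never expires" sentinel values and the 14-day default of msDS-LogonTimeSyncInterval are Microsoft's documented behaviour.

```python
"""Constructed FILETIME helpers for AD Set Account Expiry / AD Asset Discovery (example only)."""
from datetime import datetime, timezone
from typing import Optional

EPOCH_DELTA_SECONDS = 11_644_473_600        # 1601-01-01 -> 1970-01-01
TICKS_PER_SECOND = 10_000_000               # FILETIME ticks are 100 ns
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)     # both accountExpires values mean "never"
UNIT_SECONDS = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400, "weeks": 604800}
# lastLogonTimestamp is only rewritten when the stored value is older than
# msDS-LogonTimeSyncInterval (default 14 days, minus a random 0-5%), so a
# Search Period below this misses assets that logged on recently.
LOGON_TIMESTAMP_GRANULARITY_SECONDS = 14 * 86400


def _now(now_epoch) -> int:
    """Clock injection point so results are reproducible in tests."""
    return int(datetime.now(timezone.utc).timestamp()) if now_epoch is None else int(now_epoch)


def filetime_from_epoch(epoch_seconds) -> int:
    return (int(epoch_seconds) + EPOCH_DELTA_SECONDS) * TICKS_PER_SECOND


def epoch_from_filetime(filetime) -> Optional[int]:
    """Inverse conversion for values read back from the directory; None for 'never'."""
    ft = int(filetime)
    if ft in NEVER_EXPIRES:
        return None
    return ft // TICKS_PER_SECOND - EPOCH_DELTA_SECONDS


def account_expires_value(epoch_value, now_epoch=None) -> str:
    """Value to write to accountExpires for the action's Epoch Value. An expiry
    that is already in the past is rejected, so an old or mistyped timestamp
    does not disable the account the moment the write replicates."""
    expiry = int(epoch_value)
    if expiry <= _now(now_epoch):
        raise ValueError("expiry must be in the future")
    return str(filetime_from_epoch(expiry))


def period_seconds(period, units) -> int:
    """Search Period + Search Period Units -> seconds, rejecting bad input."""
    if units not in UNIT_SECONDS:
        raise ValueError(f"unknown units {units!r}; expected one of {sorted(UNIT_SECONDS)}")
    seconds = int(period) * UNIT_SECONDS[units]
    if seconds <= 0:
        raise ValueError("search period must be positive")
    return seconds


def last_logon_filter(period, units, now_epoch=None) -> str:
    """Filter clause selecting objects whose lastLogonTimestamp falls within
    the search period; AND it with the trigger's own Search Filter."""
    threshold = filetime_from_epoch(_now(now_epoch) - period_seconds(period, units))
    return f"(lastLogonTimestamp>={threshold})"


def search_period_warnings(period, units) -> list:
    if period_seconds(period, units) < LOGON_TIMESTAMP_GRANULARITY_SECONDS:
        return ["search period is shorter than the lastLogonTimestamp replication "
                "granularity (about 14 days); recently active assets may be missed"]
    return []


if __name__ == "__main__":
    print(last_logon_filter(30, "days"))
    print(search_period_warnings(7, "days"))
    print(account_expires_value(_now(None) + 30 * 86400))
```

Because lastLogonTimestamp is a replicated approximation, a period of 30 days or more is the usual choice for inventory; for "who logged on this week" questions the non-replicated lastLogon attribute has to be read from every domain controller, which is a different query from the one this trigger runs.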

Examples

Search for AD Users

Example use of the trigger AD Asset Discovery.

[Screenshot: AD Asset Discovery]

Download template

Requirements

  • Username and password capable of reading AD assets
  • Domain name
  • Server IP address

Walkthrough

  1. Configure the Connection Details tab
    • Username
    • Password
    • Domain Name
    • Server IP

  2. Configure the Main tab
    • Search Base
    • Search Period
    • Search Filter
    • Search Period Units


Create a new AD User and add to an existing AD group

Example use of the actions AD Create User and AD Add User to Group.

[Screenshot: AD Create User]

Download template

Requirements

  • Username and password capable of performing changes to an AD
  • Domain name
  • Server IP address

Walkthrough

  1. Configure the Connection Details tab on both actions
    • Username
    • Password
    • Domain Name
    • Server IP

  2. Configure the Main tab of AD Create User
    • Username for new user
    • Password for new user

  3. Configure the Main tab of AD Add User to Group
    • Target User
    • Target Group


Remove a User from an AD group and disable User account

Example use of the actions AD Remove User from Group and AD Disable User.

[Screenshot: AD Remove User from Group and Disable]

Download template

Requirements

  • Username and password capable of performing changes to an AD
  • Domain name
  • Server IP address

Walkthrough

  1. Configure the Connection Details tab on both actions
    • Username
    • Password
    • Domain Name
    • Server IP

  2. Configure the Main tab of AD Remove User from Group
    • Target User
    • Target Group

  3. Configure the Main tab of AD Disable User
    • Target User


Delete a User from AD

Example use of the action AD Delete User.

[Screenshot: AD Delete User]

Download template

Requirements

  • Username and password capable of performing changes to an AD
  • Domain name
  • Server IP address

Walkthrough

  1. Configure the Connection Details tab of AD Delete User
    • Username
    • Password
    • Domain Name
    • Server IP

  2. Configure the Main tab of AD Delete User
    • Target User


Resetting a user's password and securely sharing it with the user is covered here: Guide Page


Python Requirements

  • ldap3

Default configuration requirements are automatically installed when an integration is installed.

Open Source Attributions

This SecureAck integration includes the following additional Python third-party software and licensing:

----------------
** ldap3 ( https://github.com/cannatag/ldap3/ )

GPL-3.0

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License
along with this program in the COPYING and COPYING.LESSER files.
If not, see <http://www.gnu.org/licenses/>.