Response in Active Directory

Event field name

Field value

DeviceAction

ad response

DeviceFacility

manual response or automatic response

EventOutcome

succeeded or failed

SourceTranslatedAddress

This field contains the value of the HTTP header x-real-ip or x-forwarded-for. If these headers are absent, the field will be empty.

SourceAddress

The address from which the user logged in. If the user logged in using a proxy, there will be a proxy address.

SourcePort

Port from which the user logged in. If the user logged in using a proxy, there will be a port on the proxy side.

SourceUserName

User login that was used to change the tenant data.

SourceUserID

User ID that was used to change the tenant data.

DeviceCustomString3

Response rule name: CHANGE_PASSWORD, ADD_TO_GROUP, REMOVE_FROM_GROUP, BLOCK_USER.

DeviceCustomString3Label

response rule name

DeviceCustomString5

Tenant ID.

DeviceCustomString5Label

tenant ID

DeviceCustomString6

Tenant name.

DeviceCustomString6Label

tenant name

DestinationUserName

The Active Directory user account to which the response is invoked (sAMAccountName).

DestinationNtDomain

Domain of the Active Directory user account to which the response is invoked.

DestinationUserID

Account UUID in KUMA.

FlexString1

Information about the group where the user was added or deleted.

FlexString1Label

group DN

Page top