Has somebody found a similar situation with UBA custom rules? I cant' find any docs about customizing UBA rules in this way, only about basic customization. I would need to know at least if it's possible to customize a rule as I have explained.
Thanks in advanced
------------------------------
A CG
------------------------------
Original Message:
Sent: Fri April 19, 2019 02:08 AM
From: A CG
Subject: Custom property for UBA rule
Hello community
I'm customizing detection rules for UBA and I have encountered the following issue: one of our log sources provides the username in a non standard property, I have created a custom property to extract it. I can see that UBA automatically uses the property username from the event to add the sensevalue defined in the rule to a user, how can I use a custom property in an UBA custom rule instead of the standard property username?
Thanks
------------------------------
A CG
------------------------------