IBM Security QRadar SOAR


Workaround for LDAP and Active Directory function for Resilient

  • 1.  Workaround for LDAP and Active Directory function for Resilient

    Posted Thu April 15, 2021 01:45 AM
    Hello,

    We are trying to integrate Active Directory with the Resilient platform to perform actions such as enabling/disabling a user or resetting a user's password. For this, there is an app available, 'LDAP and Active Directory functions for Resilient', on IBM App Exchange.

    After installation, we need to input the credentials, such as the DN of a master account and the password of the account, in the app.config file as per the documentation. For this, we have created an account on AD with admin privileges to perform the required actions.

    However, is there any way or workaround for taking actions on AD from Resilient other than this app? Any other way of doing this using EDR or something?
    The reason being, if Resilient got hacked/interrupted and such a privileged AD account had been created with full control over users, it would be a huge impact for our organization.

    Please kindly let us know your inputs on this. Any help would be appreciated.

    Thanks,

    ------------------------------
    Akhilesh Deshmukh,
    Data Analyst, SecurityHQ
    ------------------------------


  • 2.  RE: Workaround for LDAP and Active Directory function for Resilient

    Posted Fri April 16, 2021 05:51 AM
    Hi Akhilesh,

    Thank you for reaching out to the community.

    There is no other way that we can think of to do this.

    You could investigate what the minimum required permissions are for the AD user. I am not sure they have to have FULL admin privileges; I think with AD the permissions can be more specific.

    ------------------------------
    Shane Curtin
    Apps Engineer - IBM Resilient
    ------------------------------
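
One way to scope the service account to the two actions named in this thread (reset password, enable/disable user) on a single OU instead of granting admin rights. This is an added example, not part of the original posts and not IBM's documented configuration; the domain, OU and account names are placeholders, and the exact rights the app needs should be confirmed against its documentation.

```powershell
# Added example. All names below are placeholders (assumptions), not values from the thread.
$TargetOU   = 'OU=Managed Users,DC=example,DC=com'   # only users in this OU can be acted on
$Trustee    = 'EXAMPLE\svc-soar-ldap'                # the account whose DN goes in app.config
$SamAccount = 'svc-soar-ldap'

# Delegated rights, applied to descendant user objects only (/I:S):
#   CA;Reset Password      -> control access right to set a new password
#   WP;userAccountControl  -> write the attribute that holds the enabled/disabled flag
#                             (this also permits changing other flags in that attribute)
$grants = @(
    'CA;Reset Password;user',
    'WP;userAccountControl;user'
)

foreach ($grant in $grants) {
    & dsacls.exe $TargetOU /I:S /G "${Trustee}:$grant"
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls failed for '$grant' (exit code $LASTEXITCODE)"
    }
}

# Review what the account can now do on the OU. Anything beyond the two
# entries above (for example GenericAll or WriteDacl) should be removed.
Import-Module ActiveDirectory
(Get-Acl -Path "AD:\$TargetOU").Access |
    Where-Object { $_.IdentityReference.Value -eq $Trustee } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType |
    Format-Table -AutoSize

# Confirm the account is not a member of any privileged group. For a
# delegated service account this should normally list only 'Domain Users'.
Get-ADPrincipalGroupMembership -Identity $SamAccount |
    Select-Object -ExpandProperty Name
```

Keeping privileged accounts (administrators, other service accounts) outside the delegated OU means a compromise of the SOAR host cannot be used to reset their passwords.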



  • 3.  RE: Workaround for LDAP and Active Directory function for Resilient

    Posted Fri April 16, 2021 09:13 AM
    Hello Shane,

    Thank you for your reply. I will check the permissions which need to be given to the service account on AD.

    Thanks,

    ------------------------------
    Akhilesh Deshmukh,
    Data Analyst, SecurityHQ
    ------------------------------