Just like Alexander stated, you should be able to do both of the things you want with some customization.
We do ours against a Data table row being added so on a DataTable object.
For the LDAP extension in the preprocess script you can build it with any fields that you are searching against in your Active Directory.
inputs.ldap_search_base = "dc=your_domain,dc=com"
inputs.ldap_search_filter = "(objectSid={})".format(row.user_added_local_admin_dt)
inputs.ldap_search_attributes = "sAMAccountName,objectSid"  # These are the fields you want to search against
In the post process script you can write out the return to see all the fields in a note using something like this:
if len(results['entries']) > 0:
    incident.addNote(results['entries'])
Then once you figure out the parts you want to do, modify the data table and add columns for those new fields or new fields.
row.general_qr_description = results['entries'][0]['description']  # this adds the person's description field back to the row in a description column.
Emailing a User:
Actions can have functions that do almost anything - if you haven't looked at the app exchange for the outbound email connector I would look at that (linked in Alexander's post). Then you can use the action on the row to trigger an email being sent manually or you could do it automatically in a workflow.
------------------------------
Richard Giesige
Security Engineer
Oshkosh Corporation
Oshkosh
------------------------------
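Added example, not part of the post above and not the LDAP app's own code: a stand-alone Python sketch of building the search filter from a data table value with RFC 4515 escaping, and of pulling chosen attributes out of a result shaped like results['entries']. It generalizes from objectSid to any attribute; the helper names, the sample data and the assumption that attribute values may come back as lists are all constructed for illustration.

```python
import re

# RFC 4515 characters that must be escaped inside an LDAP filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_SID_RE = re.compile(r"^S-1-\d+(-\d+){1,15}$")       # textual SID form
_ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")    # plain attribute name


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(attribute, value):
    """Build "(attribute=value)" for any attribute, escaping the value."""
    if not _ATTR_RE.match(attribute):
        raise ValueError("unexpected attribute name: %r" % attribute)
    return "({}={})".format(attribute, escape_filter_value(value))


def build_sid_filter(sid):
    """Build the objectSid filter from the post, rejecting non-SID input."""
    sid = sid.strip()
    if not _SID_RE.match(sid):
        raise ValueError("not a textual SID: %r" % sid)
    return build_filter("objectSid", sid)


def pick_attributes(results, wanted):
    """Return the wanted attributes of the first entry, or {} if no entries."""
    entries = results.get("entries") or []
    if not entries:
        return {}
    first = entries[0]
    picked = {}
    for name in wanted:
        value = first.get(name)
        # Assumption: multi-valued attributes may come back as lists.
        picked[name] = "; ".join(str(v) for v in value) if isinstance(value, list) else value
    return picked


# Constructed sample, shaped like results['entries'] in the post.
SAMPLE_RESULTS = {"entries": [{"sAMAccountName": "jdoe",
                               "objectSid": "S-1-5-21-1111-2222-3333-1001",
                               "description": ["Plant IT admin"]}]}

if __name__ == "__main__":
    print(build_sid_filter("S-1-5-21-1111-2222-3333-1001"))
    print(pick_attributes(SAMPLE_RESULTS, ["description", "mail"]))
```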
Original Message:
Sent: Thu June 25, 2020 12:24 PM
From: Vítor Fagundes Alves Nogueira
Subject: Doubts about ldap query
I need to look for other fields in the LDAP query besides the standards, is it possible? (image 1 attached).
Also, is it possible to send an email to the username with a warning or something from that button? (image 2 attached).
------------------------------
Vítor Fagundes Alves Nogueira
------------------------------