How to Use Reference Data Import (LDAP) data with Custom Rule

Hi, I am on version 7.3 of QRadar.

I want to use the Reference Data Import (LDAP) data to create a Map of Sets. I am looking for guidance on how best to use this pulled data to create the following scenario:

if user contained in reference map of sets [trusted-users…created from the Reference Data Import] &&
if source IP contained in network hierarchy &&
if destination IP contained in reference set [trusted-device]
do NOT trigger a rule response

I am looking for advice on what values to put for “Alias” on the LDAP Attribute Mapping screen of the Reference Data Import set-up. Also, do I need to create a custom property to make this scenario work? If so, for what value? I can’t find any documentation on the process. Thanks in advance.

