Hi there,

My Sentinel 7 correlation rule fails to trigger because the "Group By"
setting of InitiatorUserName is case sensitive. One of my systems
reports user names always in lower case while the other reports in the
case used by the user source directory (eDirectory). The desired rule
expression ends with "discriminator(e.InitiatorUserName)".

Anyway around this without modifying the default collectors?


kmaule's Profile: https://forums.netiq.com/member.php?userid=306
View this thread: https://forums.netiq.com/showthread.php?t=47075