# Arguments accepted by the automation.
args:
# default: true makes groupdn the script's default argument.
# The value ends up inside the LDAP search filter sent to ad-search, so
# treat it as untrusted input.
- default: true
  description: Active Directory Distinguished Name for the desired group
  name: groupdn
  required: true
# Optional; the script appends these names to 'name' and hands the combined
# list to ad-search as its 'attributes' argument.
- description: Include these AD attributes of the resulting objects in addition to
    the default ones
  name: attributes
# The script places memberType into the LDAP filter as the objectCategory
# value; the predefined list below is the only set of values it is meant to
# receive.
- auto: PREDEFINED
  description: 'Which members type to query '
  name: memberType
  predefined:
  - user
  - computer
  required: true
# Help text for the automation, including an example invocation.
comment: "Use Active Directory to retrieve the list of users or computers that are
  members of the specified group. Group must be given by its AD Distinguished Name.
  The \"attributes\" argument receives a comma-separated list of additional attributes
  you wish to be displayed in the results.\nExample usage: !ADGetGroupMembers memberType=user
  groupdn=\"CN=Administrators,CN=Builtin,DC=acme,DC=int\" attributes=name,email "
commonfields:
  id: ADGetGroupMembers
  version: -1
# The script calls the ad-search command, so an integration providing it must
# be available.
dependson:
  must:
  - ad-search
# This automation is marked deprecated.
deprecated: true
name: ADGetGroupMembers
# Context paths written by the script: Endpoint.* when memberType is
# 'computer', Account.* when it is 'user'.
outputs:
- contextPath: Endpoint
  description: Active Directory Endpoint
- contextPath: Endpoint.Type
  description: Type of the Endpoint entity
- contextPath: Endpoint.ID
  description: The unique Endpoint DN (Distinguished Name)
- contextPath: Endpoint.Hostname
  description: The Endpoint hostname
- contextPath: Endpoint.Groups
  description: The groups the Endpoint is part of
- contextPath: Account
  description: Active Directory Account
- contextPath: Account.Type
  description: Type of the Account entity
- contextPath: Account.ID
  description: The unique Account DN (Distinguished Name)
- contextPath: Account.Username
  description: The Account username
- contextPath: Account.Email
  description: The email address associated with the Account
- contextPath: Account.Groups
  description: The groups the Account is part of
- contextPath: Account.DisplayName
  description: The Account display name
runonce: false
# Literal block scalar ('+' keeps trailing newlines); the Python source of the
# automation follows.
script: |+
def createEndpointEntities(t, attrs):
    """Turn ad-search result rows into Endpoint context entries.

    :param t: iterable of result rows, each read through demisto.get.
    :param attrs: attribute names, passed to argToList; every name that is not
        already mapped to a fixed key is copied under its title-cased name.
    :return: list of dicts with Type, ID, Hostname, Groups and the extra keys.
    """
    # Row fields that already have a fixed context key below.
    mapped = set(['dn', 'name', 'memberOf'])
    entities = []
    for row in t:
        memberOf = demisto.get(row, 'memberOf')
        entity = {
            'Type': 'AD',
            'ID': demisto.get(row, 'dn'),
            'Hostname': demisto.get(row, 'name'),
            # memberOf is split on '<br>'; Groups stays None when it is absent or empty.
            'Groups': memberOf.split('<br>') if memberOf else None,
        }
        # Extras are written last, so a title-cased extra name that equals a
        # fixed key replaces that key's value.
        for extra in set(argToList(attrs)) - mapped:
            entity[extra.title()] = demisto.get(row, extra)
        entities.append(entity)
    return entities
def createAccountEntities(t, attrs):
    """Turn ad-search result rows into Account context entries.

    :param t: iterable of result rows, each read through demisto.get.
    :param attrs: attribute names, passed to argToList; every name that is not
        already mapped to a fixed key is copied under its title-cased name.
    :return: list of dicts with Type, ID, Email, Username, DisplayName, Groups
        and the extra keys.
    """
    # Row fields that already have a fixed context key below.
    mapped = set(['dn', 'mail', 'name', 'displayName', 'memberOf'])
    entities = []
    for row in t:
        memberOf = demisto.get(row, 'memberOf')
        entity = {
            'Type': 'AD',
            'ID': demisto.get(row, 'dn'),
            'Email': demisto.get(row, 'mail'),
            'Username': demisto.get(row, 'name'),
            'DisplayName': demisto.get(row, 'displayName'),
            # memberOf is split on '<br>'; Groups stays None when it is absent or empty.
            'Groups': memberOf.split('<br>') if memberOf else None,
        }
        # Extras are written last, so a title-cased extra name that equals a
        # fixed key replaces that key's value.
        for extra in set(argToList(attrs)) - mapped:
            entity[extra.title()] = demisto.get(row, extra)
        entities.append(entity)
    return entities
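def escapeLdapFilterValue(value):
    """Escape a string for use as an assertion value in an LDAP search filter.

    Follows RFC 4515: backslash, '*', '(', ')' and NUL are each replaced by a
    backslash plus their two-digit hex code, so the value cannot close the
    current filter clause or introduce a new one.

    :param value: raw string (for example a Distinguished Name).
    :return: the string with the filter metacharacters escaped.
    """
    # Backslash goes first so the escapes added by the later steps stay intact.
    for char, escaped in (('\\', r'\5c'), ('*', r'\2a'), ('(', r'\28'),
                          (')', r'\29'), ('\x00', r'\00')):
        value = value.replace(char, escaped)
    return value


# Object categories the script may query; mirrors the predefined values of the
# memberType argument. The argument definition alone is not relied on, so the
# value is checked here before it reaches the filter.
ALLOWED_MEMBER_TYPES = ('user', 'computer')

args = demisto.args()

# Optional arguments and default values: 'name' is always requested and any
# caller-supplied attributes are appended to it.
attrs = 'name'
if demisto.get(args, 'attributes'):
    attrs += "," + args['attributes']

memberType = demisto.get(args, 'memberType')
groupdn = demisto.get(args, 'groupdn')
context = {}

if memberType not in ALLOWED_MEMBER_TYPES or not groupdn:
    # Refuse to build a filter from an unexpected object category or an empty DN.
    demisto.results({'Type': entryTypes['error'],
                     'ContentsFormat': formats['text'],
                     'Contents': 'memberType must be "user" or "computer" and groupdn must be a non-empty Distinguished Name.'})
else:
    # groupdn is caller-controlled, so it is escaped before concatenation; an
    # unescaped '(' , ')' or '*' would otherwise change the shape of the filter.
    # Pass the plain DN: a value that was already filter-escaped by the caller
    # is escaped a second time.
    filterstr = "(&(objectCategory=" + memberType + ")(memberof=" + escapeLdapFilterValue(groupdn) + "))"
    resp = demisto.executeCommand('ad-search', {'filter': filterstr, 'attributes': attrs})
    if isError(resp):
        # Hand the ad-search error entries back unchanged.
        demisto.results(resp)
    else:
        data = demisto.get(resp[0], 'Contents')
        md = ""
        if isinstance(data, (str, unicode)):
            # A plain string result is shown as-is and adds nothing to the context.
            md = data
        else:
            data = data if isinstance(data, list) else [data]
            md = tableToMarkdown("Active Directory Group Members", data)
            if memberType == 'computer':
                context['Endpoint'] = createEndpointEntities(data, attrs)
            elif memberType == 'user':
                context['Account'] = createAccountEntities(data, attrs)
        demisto.results({'Type': entryTypes['note'],
                         'Contents': data,
                         'ContentsFormat': formats['json'],
                         'HumanReadable': md,
                         'ReadableContentsFormat': formats['markdown'],
                         'EntryContext': context})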
# NOTE(review): scripttarget 0 presumably selects the server as the execution
# target - confirm against the platform's script schema.
scripttarget: 0
# Marks the automation as system content.
system: true
tags:
- active directory
# The script body is Python; it references the Python 2 `unicode` builtin.
type: python