Adding an LDAP enrichment source
To add an LDAP enrichment source, you need the following information:
- Method to authenticate connection with the LDAP server (API key, Microsoft, or bearer).
- Bearer token - you can either enter the token or get it at runtime by connecting to the LDAP server.
To add an LDAP enrichment source
- Click Configurations > Enrichment Sources.
- Click Create.
- From the Select Enricher Type list, select LDAP.
- Enter a name and description for the source.
The name appears in the enrichment policy when you set up LDAP enrichment. Use a name that helps you identify the source and the enrichment that you want to apply.
- To configure the REST connection with the LDAP server, in the Connection section, click Add Connection, and perform the following steps:
- In the Connection Configuration window, select the REST method to connect to the server and enter the endpoint URL.
The endpoint URL format must include protocol (HTTP/HTTPS), path parameters, and query parameters. For example, https://www.example.com/<pathparameter1>/<pathparameter2>?<queryparameter1>=value1&<queryparameter2>=value2.
Enclose dynamic path parameters or query parameter values in curly brackets {}. Ensure that the endpoint URL contains only one dynamic variable. Use as the dynamic variable the value with which you want to look up the source. For example, if you want to get information from the source based on an IP address that comes in the logs, use the IP address as the dynamic variable in the URL. While creating an enrichment policy, you configure the field in the logs from which the value of the dynamic variable is taken and for which enrichment is provided. Examples of the endpoint URL:
Dynamic path variable: https://www.example.com/<pathparameter1>/{variable}?<queryparameter1>=value1&<queryparameter2>=value2
Dynamic query parameter value: https://www.example.com/<pathparameter1>/<pathparameter2>?<queryparameter1>={variable}&<queryparameter2>=value2
In the Authorization section, perform the steps to configure authentication:
Authentication type
Description
Basic Authentication
- Enter the user name and password to access the LDAP server.
- Click the Headers tab and add request headers in the form of key value pairs.
API Key Authentication
- From the Add To list, select where you want to add the API key (header, query, or path).
- In the API Key field, enter the API key.
- In the Key Name field, enter the key name.
- Click the Headers tab and add request headers in the form of key value pairs.
Bearer Authentication
- In the Bearer Token field, enter the variable that contains the token.
For example, $.token.
- Click the Headers tab and add request headers in the form of key value pairs.
- To get the bearer token (ensure that the output of the API to connect to the LDAP server is in JSON format), enable Add Login to fetch Bearer token.
- In the Login Action section, select the method to connect to the LDAP server and enter the endpoint URL.
- In the Header section, click Add Header and add headers in the form of key-value pairs.
- Click the Request Body tab and enter the payload in JSON format.
Microsoft Authentication
- In the Application/Client ID field, enter the application ID or client ID to access the LDAP server.
- In the Directory/Tenant ID field, enter the directory or tenant ID.
- In the Client Secret field, enter the client secret.
The value in the Scope field is displayed by default.
- In the Test Connection section, enter the dynamic path parameter value to test the connection to the endpoint URL and click Connect.
- If the test connection is successful, save the connection configuration.
All the fields that the source can provide for enrichment are displayed in the Enrichment Fields > Select Enrichment Target Fields field.
- (Optional) From Select Enrichment Target Fields, remove a field.
- Enable and save the enrichment source.
On the Enrichment Sources page, a filter is added for each type of source.
You can edit, disable, and delete the source by using the Actions menu.
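The endpoint URL rules from the connection step (HTTP or HTTPS, exactly one dynamic variable in curly brackets, placed as a path parameter or a query parameter value) can be checked before the URL is entered in the Connection Configuration window. The following Python is an added example, not part of the product: the function names, sample URLs, and sample values are assumptions, and the encoding step shows why a value taken from logs should be percent-encoded before it replaces the variable.

```python
import re
from urllib.parse import quote, urlsplit

# Hypothetical helper names; sample URLs and values in this example are constructed.
PLACEHOLDER = re.compile(r"\{([^{}]*)\}")

def validate_template(url):
    """Return the dynamic variable name, or raise ValueError if a rule is broken."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("endpoint URL must use HTTP or HTTPS and name a host")
    names = PLACEHOLDER.findall(url)
    if len(names) != 1 or not names[0]:
        raise ValueError("endpoint URL must contain exactly one {variable}")
    if not PLACEHOLDER.search(parts.path) and not PLACEHOLDER.search(parts.query):
        raise ValueError("the variable must be a path or query parameter value")
    return names[0]

def render(url, value):
    """Substitute a log-derived value as one path segment or one query value."""
    validate_template(url)
    value = str(value)
    in_path = PLACEHOLDER.search(urlsplit(url).path) is not None
    if not value or (in_path and value in (".", "..")):
        raise ValueError("value is empty or a dot segment")
    # safe="" also encodes "/", "?", "&", "=" and "#", so a value from the logs
    # cannot add path segments or extra query parameters to the request.
    encoded = quote(value, safe="")
    return PLACEHOLDER.sub(lambda _m: encoded, url, count=1)

if __name__ == "__main__":
    path_url = "https://www.example.com/hosts/{variable}?view=full"
    query_url = "https://www.example.com/lookup?ip={variable}&view=full"
    for template, value in [(path_url, "10.0.0.5"), (path_url, "../other"),
                            (query_url, "10.0.0.5&view=raw")]:
        print(render(template, value))
```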