Dropzone AI Documentation
Active Directory (LDAP)


Last updated 4 months ago


Active Directory LDAP

Active Directory LDAP is a Directory Data Source integration. Data Source integrations are used during investigations to improve analysis and in interactive chat to help answer questions. They are optional, but enabling more tooling integrations enhances Dropzone analysis.

The Dropzone platform supports Active Directory (LDAP) to look up organizational information such as users, job titles, and devices.

Active Directory requires that you've enabled the Dropzone Connector.

Integration Overview

To enable these integrations you will perform the following actions:

  • Create a read-only service account

  • Grant the service account read access to users and computers

  • Determine your LDAP Base DN (Distinguished Name)

  • Install the credentials into your Dropzone tenant

Create a Read Only Service Account

Dropzone will use an AD service account for authenticating to your AD LDAP. Perform the following actions to create the account:

  • Open "Active Directory Users and Computers"

  • Right click on the container of your choice, such as "Users", and click New > User

  • Give it a first/last/full name

  • Give it a User Logon Name, e.g. svc-dropzone@

  • Record this User Logon Name for use later in the Dropzone UI where it is called "User"

  • Click Next

  • Provide a strong password and record it for use later in the Dropzone UI where it is called "Password"

  • Uncheck "User must change password at next login"

If you have a corporate-wide password rotation policy, either disable it for this user or change the password periodically in AD and update the Dropzone integration with the new password to stay within your organizational policy.

  • Click "Next"

  • Click "Finish"

Apply Active Directory Permissions to the Service Account

Next, we will grant permissions to the service account. Most customers will apply this at the top of the forest so Dropzone has the most visibility into users/devices/etc, but you may pick a lower level if you wish to limit the scope.

  • Open "Active Directory Users and Computers"

  • Click "View" from the menu bar, and make sure "Advanced Features" is selected

  • Right click the top of your forest and select "Properties"

  • Select the "Security" tab and click "Add"

  • Type the name of the service account you created (e.g. svc-dropzone@) and click OK to search

  • Highlight the service account and click "Advanced"

  • In the "Permissions" tab, select the service account again and click "edit"

  • Set read for users

    • Set the "Applies to" dropdown to "Descendant User Objects" so the service account can see all objects in the hierarchy

    • In the Permissions section, make sure "Read All Properties" is checked

    • In the Properties section, make sure "Read All Properties" is checked (this is further down the page)

  • Set read for devices

    • Set the "Applies to" dropdown to "Descendant Computer Objects" so the service account can see all objects in the hierarchy

    • In the Permissions section, make sure "Read All Properties" is checked

    • In the Properties section, make sure "Read All Properties" is checked (this is further down the page)

  • Click the "OK" button to save

Note that device querying via LDAP is not yet supported in Dropzone AI.

Determine The Service Account User Name

  • In Active Directory Users and Computers, find the service account we created

  • Right click on it and select Properties

  • Click "Attribute Editor" in the tabs at the top

  • Scroll down to the "distinguishedName" field

  • Double click it to pop it out

  • Record the full value of the distinguishedName field for use later in the Dropzone UI where it is called "Distinguished Name"

Determine your LDAP Base DN (Distinguished Name)

Your Base DN is typically based on your domain name, with each domain component prefixed by DC= and the components separated by commas. For example, if your domain is example.com, then the Base DN is likely DC=example,DC=com.

If you do not already know your Base DN, you can find it as follows:

  • In Active Directory Users and Computers, find the service account you created

  • Right click on it and select "Properties"

  • Click "Attribute Editor" in the tabs at the top

  • Scroll down to the "Distinguished Name" field

  • Double click it to pop it out

  • Record the part that starts with DC= for use later in the Dropzone UI where it is called the "Base DN"

Install the Credentials into Your Dropzone Tenant

The Data source integration allows Dropzone AI to look up organizational information.

You'll need the following information:

| Dropzone Field | Source |
| --- | --- |
| Server | The IP address or name of the AD server |
| Distinguished Name | The User info you copied from the service account's DistinguishedName found in Active Directory |
| Password | The service account password you set above |
| Base DN | The LDAP DN of your Active Directory |

To enable the Data Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

  • Click System > Integrations

  • Click "Available"

  • In the Search bar, search Active Directory, then click "Configure"

  • Input the service account user's Distinguished name and Password

  • Input the Base DN fields for searches

  • For the server name field, use ldap:// followed by your server name or IP

  • Click "Test & Save" to finish

If you encounter any errors, engage your Dropzone AI support representative.
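The Base DN derivation and the field values described above can be checked before they are entered in the Dropzone UI. The following is an added example, not Dropzone's own code: it splits a distinguishedName on unescaped commas, extracts the part that starts with DC=, and checks the Server, Distinguished Name and Base DN values against each other. The function names and the sample DN are constructed for illustration.

```python
def split_rdns(dn):
    """Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes)."""
    rdns, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]          # keep the escaped character with its backslash
            i += 2
        elif dn[i] == ",":
            rdns.append(buf.lstrip())
            buf = ""
            i += 1
        else:
            buf += dn[i]
            i += 1
    rdns.append(buf.lstrip())
    return [r for r in rdns if r]


def base_dn_from_dn(dn):
    """Return the trailing run of DC= components (the part of the DN that starts with DC=)."""
    dcs = []
    for rdn in reversed(split_rdns(dn)):
        if not rdn.upper().startswith("DC="):
            break
        dcs.insert(0, rdn)
    return ",".join(dcs)


def base_dn_from_domain(domain):
    """Build the likely Base DN from a DNS domain name: example.com -> DC=example,DC=com."""
    return ",".join("DC=" + label for label in domain.strip(".").split(".") if label)


def check_fields(server, bind_dn, base_dn):
    """Return a list of problems with the values before they go into the Dropzone UI."""
    problems = []
    if not server.lower().startswith("ldap://") or len(server) <= len("ldap://"):
        problems.append("Server must be ldap:// followed by a server name or IP")
    bind = [r.lower() for r in split_rdns(bind_dn)]
    base = [r.lower() for r in split_rdns(base_dn)]
    if not base_dn_from_dn(bind_dn):
        problems.append("Distinguished Name has no DC= components; copy the full value")
    if not base or bind[-len(base):] != base:
        problems.append("Distinguished Name is not under the Base DN")
    return problems


# Constructed sample value (not from a real directory); note the escaped comma in the CN.
SAMPLE_DN = r"CN=Dropzone\, Service,OU=Service Accounts,DC=corp,DC=example,DC=com"
```

An empty list from `check_fields` means the three values are consistent with the procedure on this page; it does not test the password or connectivity, which "Test & Save" does.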
