- KNOWLEDGE BASE
- AUTOMATION
- SUPPORTED AUTOMATION
-
START YOUR TRIAL
-
DEVICE INTEGRATION
-
CONNECTORS
-
DATA INGESTION
-
HUNTING WITH WORKBOOKS
-
DNIF Query Language (DQL Language)
-
SECURITY MONITORING
-
OPERATIONS
-
MANAGE DASHBOARDS
-
MANAGE REPORTS
-
USER MANAGEMENT & ACCESS CONTROL
-
BILLING
-
MANAGING YOUR COMPONENTS
-
GETTING STARTED
-
INSTALLATION
-
SOLUTION DESIGN
-
AUTOMATION
-
TROUBLESHOOTING AND DEBUGGING
-
LICENSE MANAGEMENT
-
RELEASE NOTES
-
API
-
POLICIES
-
SECURITY BULLETINS
-
BEST PRACTICES
-
DNIF AI
-
DNIF LEGAL AND SECURITY COMPLIANCE
User Store
User Store integration is used to lookup on custom event stores uploaded to DNIF for various Users in an organization.
Pre-requisites
- The custom event store must contain a column named $User in the event store data.
Configuration
- Follow the initial configuration steps in How to Configure Automation?.
- Click the edit icon to add details.
Field Description User Event Store Name Enter valid Event Store Name for User - Enter the above details and click Save.
Lookup integrated with User Store
Retrieve User Details
The User for which you want to retrieve the details from the eventstore.
Function_name
get_user_info
Input
- The UserDetails is a custom event store created to demonstrate this example. user_details.csv
- Run a Search
The Search query retrieves the $User field for each event in the UserDetails (custom) eventstore.
Output
_lookup user_store get_user_info $User
In the pipelined query function, the _lookup directive calls the get_user_info function of the user_store plugin. $User is passed as a parameter to the function. This report contains details about the User such as the Employee ID, Department, Location of the User and so on. The output is as shown below:
The Lookup call returns output based on the available data in the event store.