Can Cribl Stream carry out LDAP queries to Microsoft AD and then save the AD information in a lookup table or something similar? I want to automate fetching AD information from AD servers and then feeding it to a SIEM like Splunk or Elastic.
This is something I am interested in as well.
This is not something Cribl can do currently. The lookup would need to be managed outside of Cribl. CSV and Redis are the most common choices here.
I would love for it to work like the ldapsearch command in Splunk does. I believe it is a Python-based script that queries AD and pulls the data down. I would hope the data could write directly to a destination like Splunk or LogStream, but Redis might work.
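One way to manage the CSV lookup outside Cribl, as the answer above suggests. This is an added example, not code from the thread or from Cribl. It converts an LDIF export of AD user objects (the text format LDAP clients such as OpenLDAP's `ldapsearch` emit) into a CSV keyed on `sAMAccountName`. The sample LDIF, the chosen columns, the lowercased key and the function names `parse_ldif` and `to_lookup_csv` are assumptions made for illustration.

```python
import base64
import csv
import io

# Constructed sample LDIF (not real data): base64 value, multi-valued attribute, folded line.
B64_NAME = base64.b64encode("Alice Exämple".encode()).decode()
SAMPLE_LDIF = f"""\
dn: CN=Alice Example,OU=Staff,DC=corp,DC=example
sAMAccountName: AExample
displayName:: {B64_NAME}
memberOf: CN=Finance-RW,OU=Groups,DC=corp,DC=example
memberOf: CN=VPN-Users,OU=Grou
 ps,DC=corp,DC=example

dn: CN=Bob Sample,OU=Staff,DC=corp,DC=example
sAMAccountName: bsample
displayName: Bob Sample
"""

def parse_ldif(text):
    """Return a list of entries, each a dict of attribute -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # unfold: leading space continues a line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        attr, sep, value = line.partition(":")
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif sep and not line.startswith("#"):
            if value.startswith(":"):       # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr, []).append(value.strip())
    return entries

def to_lookup_csv(entries, key="sAMAccountName", columns=("displayName", "memberOf")):
    """Render entries as CSV text; entries lacking the key attribute are skipped."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow([key, *columns])
    for e in entries:
        if key in e:  # key lowercased (assumption) so events can match case-insensitively
            writer.writerow([e[key][0].lower()] + [";".join(e.get(c, [])) for c in columns])
    return out.getvalue()
```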