I am now doing this query: (mail={email})
since it is reliable.
I am doing something like [alert].[actors].[1].[id] right, to get the email.
Then I am putting that in an artifact and calling it in the LDAP query.
(mail=artifact string for email)
But it comes back with an error now that the character ' ' is not allowed. What!
A manual test does not have this issue, so the alert tied to it must be putting in a whitespace causing the LDAP query to fail.
Full error:
ldap3.core.exceptions.LDAPInvalidDnError: character ' ' not allowed in attribute type
P.S. I will try putting [alert].[actors].[1].[id] in there to see if that works instead.
I am trying out Python scripts to replace " " with "". Thoughts!?
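
One way to clean the value pulled from the alert before it goes into the (mail=...) query, as an added example that is not part of the original post. The function names and sample values are constructed for illustration, and the escaping is written by hand following RFC 4515 rather than taken from any library.

```python
import re

# RFC 4515: these characters must be written as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Deliberately simple shape check (assumption): exactly one "@" and no
# whitespace anywhere in the value.
_EMAIL_SHAPE = re.compile(r"^[^@\s]+@[^@\s]+$")


def clean_email(raw):
    """Trim invisible characters around the value and reject odd shapes."""
    if not isinstance(raw, str):
        raise ValueError("email value is not a string: %r" % (raw,))
    # str.strip() removes ASCII and Unicode whitespace (including U+00A0).
    # Zero-width space and BOM are not whitespace to Python, so name them.
    value = raw.strip().strip("\u200b\ufeff").strip()
    if not _EMAIL_SHAPE.match(value):
        # repr() makes hidden characters visible in the playbook log.
        raise ValueError("unexpected email value: %r" % (raw,))
    return value


def escape_filter_value(value):
    """Escape a value so it is treated as literal text in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_mail_filter(raw):
    """Return a (mail=...) filter from an untrusted alert field."""
    return "(mail=%s)" % escape_filter_value(clean_email(raw))


if __name__ == "__main__":
    # Constructed sample values standing in for the alert field.
    for sample in [" jane.doe@example.com\n", "\u00a0jane.doe@example.com\u200b",
                   "jane doe@example.com"]:
        try:
            print(repr(sample), "->", build_mail_filter(sample))
        except ValueError as exc:
            print("rejected:", exc)
```

Printing the raw field with repr() before cleaning shows exactly which character the alert is adding, which a manual test with a typed-in address would not reveal.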