LDAP/AD telemetry and metadata

[hitman28594]

4.x	Manager
X.Y.Z-rev	Wazuh component	Manager/Agent	Packages/Sources	OS version

Hello Team,

I would like to make a feature request for a mechanism to query and ingest computer metadata from AD/LDAP. A lot of other products have several of the proposed use cases and I think these would be a great feature addition to wazuh which would make the user experience a lot more friendly.

Use cases:

• Check total computer objects in AD and compare against registered wazuh agents.
• Providing a view or percentage of total coverage.
• Highlighting systems which exist in LDAP/AD but are not registered with Wazuh.
• Wazuh LDAP account used for querying can also be used as a honeypot account.
• collecting metadata and ldap information which isn’t collected by syscollector (such as OU, description, groups etc.)
• Unregistering systems if they are deleted in AD.

Config options:

• Configuration of an ldap username:password in ossec.conf.
• ADfilter / LDAPfilter option to apply specific filters (E.g only check for servers, exclude OS, member of group, member of OU etc.)

https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-adcomputer?view=windowsserver2022-ps

[hitman28594]

The feature request made here also related to native AD monitoring/integration:

https://github.com/wazuh/wazuh/issues/3878

We would be able to query LDAP to pre-populate things like cdb lists and automatically enrich entities out of the box.