
Error in the username field: "spaces" not allowed


Big Time
Hi everybody,

I found this surprise when I created a correlation directive: OSSIM doesn't let me put in a username with spaces. The problem here is that Microsoft supports spaces in usernames (Creating User and Group Accounts), so does anybody know a solution?

Best regards,


Best Answer

  • i3_i3_
    Answer ✓
    Hi jeimues,

        Would it be possible to use a different unique identifier for the account in one of the userdata fields instead, like the Security ID? I believe you can use dashes in those and I think the SID should be available in the log.

    Take care,

      -- Kyle


  • Hi jeimues,

        The error you are seeing is a result of the input sanitizing that is performed by:

    /usr/share/ossim/include/Security.inc on either line 799 or 838

    While I understand the need for AD usernames with spaces, I cannot in good conscience recommend a modification to this code that would solve your problem.

    Can you please clarify the conditions/goal for this directive? Maybe there is a way to accomplish it without specifying usernames with spaces. Otherwise, someone at AlienVault will have to recommend a safe way to do what you are asking.

    Take care,

      -- Kyle
  • edited February 2014
    I create a correlation directive that controls user login, password not valid, user added to local group and other Windows events for specific accounts. Some accounts were created with spaces. I know that Microsoft says that is a bad practice, but at this moment I can't rename these accounts.

    Thanks for your help
    Best regards
  • Another problem is the large list of accounts to control, and in my test the correlation directive only works with the first username.
  • Great idea, I will try this option.
  • Another option is to use userdata1, which does not control user input and lets me use "," to separate values.
This discussion has been closed.