A question for the community...
Who is using the Identity Feed to pull in AD context for log or packet events?
Active Directory Source/destination Username/workstation/domain
Curious how many people know about it, have it configured and use it in different implementations for logs or packets
We are using it. It seems to work well, but it can confuse newer ananylst who take it as gold standard of who was actually using the system because sometimes it does not get it right.