You don’t see a mapping for it in Cloud Exchange because usergroup isn’t in any of the event or alert logs. 

But the “user” information is in the logs, and the user group is an attribute associated with the user… 

In any Skope IT events or alerts you can see the User and User Group information. Can’t this same information be sent to the SIEM with cloud exchange?

I looked at the output from every event and alert API call, and I didn’t see user group in any of them. I can add a feature request for it but it is not available today. I did start at SkopeIT and saw it there for my client and then did API calls to look for it.

​I’ve noticed the same thing, you can’t get the group data from the API, so I’m not sure it’s actually part of the event/alert at all. It might be resolved when the query is run in Skope-IT.

Thanks ​@Gary-Jenkins and ​@notskope  for your responses and help!

Here you said that you can add a feature request inr oder to include the user group information in the API call, I’d be really thankfull if this can be done, and if you let me know how can I follow-up this request