Cisco Cisco Firepower Management Center 2000
2-12
FireSIGHT User Agent Configuration Guide
Chapter 2 Setting up a User Agent
Configuring a User Agent
Step 4
Type a user name and password with rights to query for user login and logoff data on the Active
Directory server. To authenticate with a user via proxy, type a fully qualified user name.
Directory server. To authenticate with a user via proxy, type a fully qualified user name.
By default, the domain for the account you used to log into the computer where you installed the agent
auto-populates the
auto-populates the
Domain
field.
Note
If your user password contains 65 or more characters, you cannot configure new server
connections. To regain this functionality, shorten your password.
connections. To regain this functionality, shorten your password.
Step 5
Enter the domain that the Active Directory server is domain for in the Domain field.
Step 6
To detect logins to the Active Directory server, select an IP address from the
Local Login IP Address
field.
The agent automatically populates this field with all IP addresses associated with the server specified in
the
the
Server Name/IP Address
field.
If the
Server Name/IP Address
field is blank or contains
localhost
, this field is populated with all IP
addresses associated with the local host.
Step 7
Select
Process real-time events
to enable the user agent to retrieve login events from this Active Directory
server real-time.
Step 8
Click
Add
.
The server connection definition appears in the list of Active Directory servers. If you have more than
one server connection configured, you can sort on
one server connection configured, you can sort on
Host
,
Last Reported
,
Polling Status
,
Last Polled
,
Real-time
Status
, or
Real-time
by clicking on the respective column headers.
Note
If the agent cannot connect to the Active Directory server at configuration time, you cannot add
the server. Check that the agent has TCP/IP access to the server, that the credentials you used
can connect, and that you correctly configured the connection to the Active Directory server. See
the server. Check that the agent has TCP/IP access to the server, that the credentials you used
can connect, and that you correctly configured the connection to the Active Directory server. See
for more
information.
Step 9
Optionally, to change the interval at which the agent automatically polls the Active Directory server for
user login data, select a time from the
user login data, select a time from the
Active Directory Server Polling Interval
drop-down list.
After you save the settings, the next poll occurs after the selected number of minutes elapse, and recurs
at that interval. If a poll takes longer than the selected interval, the next poll starts in the next interval
after the poll ends. If real-time data retrieval is enabled for an Active Directory server, and the agent
loses connectivity with the server, the agent keeps attempting polls until it receives a response and
real-time data retrieval is available. Once the connection is established, real-time data retrieval resumes.
at that interval. If a poll takes longer than the selected interval, the next poll starts in the next interval
after the poll ends. If real-time data retrieval is enabled for an Active Directory server, and the agent
loses connectivity with the server, the agent keeps attempting polls until it receives a response and
real-time data retrieval is available. Once the connection is established, real-time data retrieval resumes.
Step 10
Optionally, to change the maximum time span polled when the agent first establishes or reestablishes a
connection to poll an Active Directory server for user login data, select a time from the
connection to poll an Active Directory server for user login data, select a time from the
Active Directory
Server Max Poll Length
drop-down list.
Note
You cannot save a value in the
Active Directory Server Max Poll Length
drop-down list less than the
value selected from the
Active Directory Server Polling Interval
drop-down list. The agent does not
allow saving a configuration that would skip user activity data in each poll.
Step 11
To save and apply configuration changes to the agent, click
Save
.
Step 12
You have the following options:
•
To add or remove Defense Center connections, select the
Sourcefire DCs
tab. For more information,