Cisco Cisco Firepower Management Center 2000
1-7
FireSIGHT User Agent Configuration Guide
Chapter 1 Introduction
Understanding User Agents
multiple logins to the
same host by
different users
same host by
different users
The system assumes that only one user is logged into any given host at a time,
and that the current user of a host is the last authoritative user login. If only
non-authoritative logins have been logged into the host, the last
non-authoritative login is considered the current user. If multiple users are
logged in through remote sessions, the last user reported by the Active
Directory server is the user reported to the Defense Center.
and that the current user of a host is the last authoritative user login. If only
non-authoritative logins have been logged into the host, the last
non-authoritative login is considered the current user. If multiple users are
logged in through remote sessions, the last user reported by the Active
Directory server is the user reported to the Defense Center.
multiple logins to the
same host by the
same user
same host by the
same user
The system records the first time that a user logs into a specific host and
disregards subsequent logins. If an individual user is the only person who logs
into a specific host, the only login that the system records is the original login.
disregards subsequent logins. If an individual user is the only person who logs
into a specific host, the only login that the system records is the original login.
If another user logs into that host, however, the system records the new login.
Then, if the original user logs in again, his or her new login is recorded.
Then, if the original user logs in again, his or her new login is recorded.
Unicode characters
The user interface may not correctly display user names with Unicode
characters.
characters.
The agent does not report user names with Unicode characters to Version 4.10.x
Defense Centers.
Defense Centers.
LDAP user accounts
in the users database
in the users database
If you remove or disable an LDAP user on your user awareness or RUA LDAP
servers, or exclude the user name from being reported to the Defense Center,
the Defense Center does not remove that user from the users database, and that
user continues to count against your licensed limit for users listed in the
database. You must manually purge the user from the database. For Version 5.x,
note that the user license limit is applied in parallel for access-controlled users;
the user count for access-controlled users depends on the number of users
retrieved by your LDAP configuration.
servers, or exclude the user name from being reported to the Defense Center,
the Defense Center does not remove that user from the users database, and that
user continues to count against your licensed limit for users listed in the
database. You must manually purge the user from the database. For Version 5.x,
note that the user license limit is applied in parallel for access-controlled users;
the user count for access-controlled users depends on the number of users
retrieved by your LDAP configuration.
Table 1-1
User Data Collection Limitations (continued)
Limitation
Description