Cisco Cisco Firepower Management Center 4000

Page of 1844
 
35-47
FireSIGHT System User Guide
 
Chapter 35      Introduction to Network Discovery
  Obtaining User Data from LDAP Servers
Continue with the next section, 
.
Installing a User Agent
License: 
FireSIGHT
After you configure the Defense Center to connect to the Windows computer where you plan to install 
each user agent, install and configure the agents. Set up the Windows computer with the following 
prerequisites:
  •
The computer is running Windows Vista, Windows 7, Windows 8, Windows Server 2003, Windows 
Server 2008, or Windows Server 2012. The computer does not have to be an Active Directory server.
  •
The computer has Microsoft .NET Framework Version 4.0 Client Profile and Microsoft SQL Server 
Compact (SQL CE) Version 3.5 installed. The framework is available from Microsoft as the .NET 
Framework Version 4.0 Client Profile redistributable package (
dotNetFx40_Client_x86_x64.exe
). 
The SQL CE is available from Microsoft as an executable file (
SSCERuntime-ENU.exe
).
Note
If you do not have both the .NET Framework and SQL CE installed, when you open the agent 
executable file (
Sourcefire_User_Agent_2.1.0-build_number_Setup.exe
), it prompts you to 
download the appropriate files. 
  •
The computer has TCP/IP access to the Active Directory servers you want to monitor, and uses the 
same version of the Internet Protocol as the Active Directory servers. If the agent is monitoring the 
Active Directory servers real-time, the computer’s TCP/IP access must be on at all times to retrieve 
login data.
  •
The computer has TCP/IP access to the Defense Centers where you want to report data and an IPv4 
address.
  •
The computer has an IPv6 address, if you want to detect logoffs from hosts with IPv6 addresses, or 
an IPv4 address, if you want to detect logoffs from hosts with IPv4 addresses.
  •
The computer does not have a legacy agent or Version 2.0.x agent already installed. As these agents 
do not automatically uninstall, to uninstall an existing agent, open 
Add/Remove Programs
 in the control 
panel.
Once you set up the computer with the prerequisites, install the agent.
The agent runs as a service using the 
Local system
 account. If the Windows computer where the agent is 
running is connected to the network, the service continues to poll and send user data, even if a user is 
not actively logged into the system. 
Note
Do not make changes to the service configuration; the agent does not function correctly using a different 
account. 
In a high availability configuration, add both Defense Centers to the agent to enable update of user login 
data to both the primary and the secondary so the data remains current on both.
To install a User Agent:
Access: 
Any