Cisco Cisco Firepower Management Center 4000
35-48
FireSIGHT System User Guide
Chapter 35 Introduction to Network Discovery
Obtaining User Data from LDAP Servers
Step 1
Download the User Agent setup file (
Sourcefire_User_Agent_2.1.0-build_number_Setup.zip
, where
build_number
represents the number of the agent build) from either of the following Support Sites:
– Sourcefire:
– Cisco:
Note
Download the setup file directly from the Support Site and do not transfer it by email. If you
transfer the setup file by email, it may become corrupted.
transfer the setup file by email, it may become corrupted.
Step 2
Copy the setup file to the Windows computer where you want to install the agent and unpack the file.
The agent requires 3 MB free on the hard drive for installation. Cisco recommends you allocate 4 GB on
the hard drive for the agent local database.
the hard drive for the agent local database.
Step 3
Open the setup executable file (
Sourcefire_User_Agent_2.1.0-build_number_Setup.exe
).
Tip
If you are using an account that is not a member of the Administrators group and do not have permissions
to install new applications on the Windows computer, you must elevate to a user that does belong to the
group to have the appropriate permissions to start the installation. To access the escalation option, right
click the
to install new applications on the Windows computer, you must elevate to a user that does belong to the
group to have the appropriate permissions to start the installation. To access the escalation option, right
click the
Sourcefire_User_Agent_2.1.0-build_number_Setup.exe
file and select
Run As
. Select an
appropriate user and supply the password for that user.
Step 4
If you do not have both Microsoft .NET Framework Version 4.0 Client Profile and SQL CE Version 3.5
installed on the Windows computer where you install the agent, you are prompted to download the
appropriate files. Download and install the files.
installed on the Windows computer where you install the agent, you are prompted to download the
appropriate files. Download and install the files.
The setup wizard appears.
Step 5
Follow the prompts in the wizard to install the agent.
The agent is installed. The User Agent starts as a service on the Windows system. Continue with
.
Configuring User and Security Permissions
After you prepare the computer with all agent prerequisites, configure user permissions and Windows
security permissions to allow the agent to communicate with the Active Directory server, access the
security logs to retrieve login data, and optionally, retrieve logoff data. Optionally, enable idle session
timeouts in the group policy to help prevent the agent from detecting and reporting extraneous logins
due to multiple sessions on a host. For more information, see the FireSIGHT System User Agent
Configuration Guide.
security permissions to allow the agent to communicate with the Active Directory server, access the
security logs to retrieve login data, and optionally, retrieve logoff data. Optionally, enable idle session
timeouts in the group policy to help prevent the agent from detecting and reporting extraneous logins
due to multiple sessions on a host. For more information, see the FireSIGHT System User Agent
Configuration Guide.
Continue with
.
Configuring a User Agent
License:
FireSIGHT
Once the agent is installed, you can configure it to receive data from Active Directory servers, report the
information to Defense Centers, exclude specific user names and IP addresses from the reporting, and
log status messages to a local event log or the Windows application log.
information to Defense Centers, exclude specific user names and IP addresses from the reporting, and
log status messages to a local event log or the Windows application log.