Cisco Cisco Firepower Management Center 4000
38-57
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Users
When the system discovers a user, it collects data about that user and stores it in the database.
Descriptions of the fields in the users table follow.
Descriptions of the fields in the users table follow.
User
One of:
–
the first name, last name, and username of the user as collected via the optional Defense
Center-LDAP server connections
Center-LDAP server connections
–
the username only, if you have not configured Defense Center-LDAP server connections, or for
users that the Defense Center cannot correlate with an LDAP record
users that the Defense Center cannot correlate with an LDAP record
The Defense Center also displays the protocol used to detect the user.
Note that because unsuccessful AIM login attempts are recorded, the Defense Center can store
invalid AIM users (for example, if a user misspelled his or her username).
invalid AIM users (for example, if a user misspelled his or her username).
Current IP
The IP address associated with the host that the user is logged into. This field is blank if another
authoritative user logs into the host with the same IP address after the user’s login, unless the user
is an authoritative user and the new user is a non-authoritative user. (The system associates the IP
address with the last authoritative user that logged in with the host.) For more information on
authoritative vs. non-authoritative users, see
authoritative user logs into the host with the same IP address after the user’s login, unless the user
is an authoritative user and the new user is a non-authoritative user. (The system associates the IP
address with the last authoritative user that logged in with the host.) For more information on
authoritative vs. non-authoritative users, see
.
First Name
The user’s first name, as obtained from the optional Defense Center-LDAP server connections. This
field is blank if:
field is blank if:
–
you have not configured a Defense Center-LDAP server connection
–
the Defense Center cannot correlate the user in the Defense Center database with an LDAP
record (for example, for users added to the database via an AIM, Oracle, or SIP login)
record (for example, for users added to the database via an AIM, Oracle, or SIP login)
–
there is no first name associated with the user on your LDAP servers
Last Name
The user’s last name, as obtained from the optional Defense Center-LDAP server connections. This
field is blank if:
field is blank if:
–
you have not configured a Defense Center-LDAP server connection
–
the Defense Center cannot correlate the user in the Defense Center database with an LDAP
record (for example, for users added to the database via an AIM, Oracle, or SIP login)
record (for example, for users added to the database via an AIM, Oracle, or SIP login)
–
there is no last name associated with the user on your LDAP servers
E-Mail
The user’s email address. This field is blank if:
–
the user was added to the database via an AIM login
–
the user was added to the database via an LDAP login and there is no email address associated
with the user on your LDAP servers
with the user on your LDAP servers