Cisco Cisco FirePOWER Appliance 7010
35-44
FireSIGHT System User Guide
Chapter 35 Introduction to Network Discovery
Obtaining User Data from LDAP Servers
Step 15
Specify any particular User Exclusions.
Excluding a user prevents you from writing an access control rule using that user as a condition. Separate multiple users with commas. You can also use an asterisk (*) as a wildcard character in this field.
Step 16
Specify how often you want the Defense Center to query the LDAP server to obtain new user and group information.
By default, the Defense Center queries the server once a day at midnight:
• Use the Start At drop-down list to specify when you want the query to occur. 0 represents midnight, 1 represents 1:00 AM, and so on.
• Use the Update Interval drop-down list to specify how often, in hours, you want to query the server.
Step 17
Click Save.
If you added or made changes to user and group access control parameters, confirm that you want to implement your changes. The object is saved. Note that you must enable the connection before the Defense Center can query the LDAP server; see the next section,
Enabling and Disabling User Awareness LDAP Connections
License: FireSIGHT
Only enabled LDAP connections allow the Defense Center to query the LDAP servers. To stop queries, you can temporarily disable LDAP connections rather than deleting them.
When you enable an LDAP connection where you have specified user and group access control parameters, you can force the Defense Center to query the server immediately, or you can wait until the first scheduled query occurs, as defined by the access control parameters in the LDAP connection. Note that you can also perform an on-demand query; see the next section.
The maximum number of users the Defense Center can retrieve from the server depends on your FireSIGHT license. If your access control parameters are too broad, the Defense Center obtains information on as many users as it can and reports the number of users it failed to retrieve in the task queue.
To enable or disable an LDAP connection:
Access: Admin/Discovery Admin
Step 1
Select Policies > Users.
The Users Policy page appears.
Step 2
Next to the LDAP connection you want to enable or disable, click the slider.
If the connection was enabled, it is disabled. If it was disabled, it is enabled.
Step 3
If you are enabling the connection and your connection has user and group access control parameters, choose whether you want to immediately query the LDAP server to obtain user and group information.
If you do not immediately query the LDAP server, the query occurs at the scheduled time.
The query begins. You can monitor its progress in the task queue (System > Monitoring > Task Status).