Cisco Cisco Firepower Management Center 2000

Version 2.2 of the User Agent works in conjunction with FireSIGHT System managed devices to gather 
user data. If you are using the agent with Version 5.x of the FireSIGHT System, the User Agent is also 
essential to implementing user access control. 

User Agents monitor Microsoft Active Directory servers and report logins and logoffs authenticated via 
LDAP. The FireSIGHT System integrates these records with the information it collects via direct 
network traffic observation by managed devices.

For more information, see the following sections:

If you are upgrading your User Agent to Version 2.2, please note the following changes:

When you remove Version 2.0 to Version 2.1.1 of the agent, you must back up the database to 
preserve your configuration settings. See 

 for more 

information. 

However, Version 2.2 of the agent preserves configuration settings for future upgrades 
automatically. If you uninstall and reinstall Version 2.2 of the agent, you do not need to manually 
back up the database. 

The agent can detect logins to a configured Active Directory server. When configuring the 
connection, select an IP address from the 

 field.

Configured Active Directory server connections support user passwords of up to 64 characters.

The agent now supports an 

 of 1 minute and 5 minutes. The 

shorter maximum poll lengths can improve real-time monitoring performance and logout detection.

The concepts in this section focus on the role of the User Agent in implementing user discovery on the 
FireSIGHT System. For a more detailed discussion of all concepts related to user discovery and network 
discovery (or RNA, in Version 4.x documentation), see the FireSIGHT System User Guide for the version 
of the FireSIGHT System running on your appliances.

For more information, see the following sections: