Cisco Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 35 Introduction to Network Discovery
Obtaining User Data from LDAP Servers
Installing a User Agent
License: FireSIGHT
After you configure the Defense Center to connect to the Windows computer where you plan to install
each user agent, install and configure the agents. Set up the Windows computer with the following
prerequisites:
• The computer is running Windows Vista, Windows 7, Windows 8, Windows Server 2003, Windows
Server 2008, or Windows Server 2012. The computer does not have to be an Active Directory server.
• The computer has Microsoft .NET Framework Version 4.0 Client Profile and Microsoft SQL Server
Compact (SQL CE) Version 3.5 installed. The framework is available from Microsoft as the .NET
Framework Version 4.0 Client Profile redistributable package (dotNetFx40_Client_x86_x64.exe).
The SQL CE is available from Microsoft as an executable file (SSCERuntime-ENU.exe).
Note
If you do not have both the .NET Framework and SQL CE installed, when you open the agent
executable file (Sourcefire_User_Agent_2.1.0-build_number_Setup.exe), it prompts you to
download the appropriate files.
• The computer has TCP/IP access to the Active Directory servers you want to monitor, and uses the
same version of the Internet Protocol as the Active Directory servers. If the agent is monitoring the
Active Directory servers in real time, the computer’s TCP/IP access must be on at all times to retrieve
login data.
• The computer has an IPv4 address and TCP/IP access to the Defense Centers where you want to
report data.
• The computer has an IPv6 address, if you want to detect logoffs from hosts with IPv6 addresses, or
an IPv4 address, if you want to detect logoffs from hosts with IPv4 addresses.
• The computer does not have a legacy agent or Version 2.0.x agent already installed. These agents
do not uninstall automatically; to uninstall an existing agent, open Add/Remove Programs in the
Control Panel.
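A preflight check for the prerequisites listed above, as an added example that is not part of the Cisco guide. The port numbers are site-specific parameters and the display-name patterns are assumptions, since the page states neither; the server names you pass in are your own.

```powershell
# Added example: preflight check for the User Agent prerequisites (PowerShell 2.0 compatible).
param(
    [Parameter(Mandatory=$true)][string[]]$AdServers,       # Active Directory servers to monitor
    [Parameter(Mandatory=$true)][string[]]$DefenseCenters,  # Defense Centers to report to
    [Parameter(Mandatory=$true)][int]$AdPort,   # assumption: site-specific, not stated on the page
    [Parameter(Mandatory=$true)][int]$DcPort    # assumption: site-specific, not stated on the page
)
$v4 = [System.Net.Sockets.AddressFamily]::InterNetwork
$v6 = [System.Net.Sockets.AddressFamily]::InterNetworkV6
# IP versions for which this computer has an address
$localFamilies = [System.Net.Dns]::GetHostAddresses([System.Net.Dns]::GetHostName()) |
    ForEach-Object { $_.AddressFamily } | Select-Object -Unique

function Get-InstalledProduct([string]$Pattern) {
    # Match installed programs by display name in the 32- and 64-bit uninstall keys.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern }
}

function Test-Reach([string]$Server, [int]$Port) {
    # True if a TCP connection succeeds over an IP version this computer also has.
    try { $ips = [System.Net.Dns]::GetHostAddresses($Server) } catch { return $false }
    foreach ($ip in $ips) {
        if ($localFamilies -notcontains $ip.AddressFamily) { continue }
        $client = New-Object System.Net.Sockets.TcpClient($ip.AddressFamily)
        try {
            $ar = $client.BeginConnect($ip, $Port, $null, $null)
            if ($ar.AsyncWaitHandle.WaitOne(3000)) { $client.EndConnect($ar); return $true }
        } catch { } finally { $client.Close() }
    }
    return $false
}

function Report([string]$Name, [bool]$Ok) {
    '{0,-62} {1}' -f $Name, $(if ($Ok) { 'OK' } else { 'FAIL' })
}

$net4 = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client' -ErrorAction SilentlyContinue
Report '.NET Framework 4.0 Client Profile installed' ($net4.Install -eq 1)
# Display-name patterns below are assumptions; adjust them to what Add/Remove Programs shows.
Report 'SQL Server Compact 3.5 installed' ([bool](Get-InstalledProduct '*SQL Server Compact 3.5*'))
Report 'No earlier User Agent installed' (-not (Get-InstalledProduct '*User Agent*'))
Report 'IPv4 address present (needed to report to Defense Centers)' ($localFamilies -contains $v4)
Report 'IPv6 address present (only needed for IPv6 logoff detection)' ($localFamilies -contains $v6)
foreach ($s in $AdServers)      { Report "TCP $AdPort reachable on AD server $s" (Test-Reach $s $AdPort) }
foreach ($s in $DefenseCenters) { Report "TCP $DcPort reachable on Defense Center $s" (Test-Reach $s $DcPort) }
```

Run it on the Windows computer before installing the agent; a server counts as reachable only over an IP version the computer itself has an address for, which mirrors the same-IP-version requirement.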
Once you set up the computer with the prerequisites, install the agent.
The agent runs as a service using the Local system account. If the Windows computer where the agent is
running is connected to the network, the service continues to poll and send user data, even if a user is
not actively logged into the system.
Note
Do not make changes to the service configuration; the agent does not function correctly using a different
account.
In a high availability configuration, add both Defense Centers to the agent to enable update of user login
data to both the primary and the secondary so the data remains current on both.
To install a User Agent:
Access: Any