Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 35 Introduction to Network Discovery
Obtaining User Data from LDAP Servers
You can use the User Agent Status Monitor health module to monitor the heartbeat of agents connected
to a Defense Center. For more information, see
.
To use a user agent, first configure the Defense Center to connect to the Windows host where you plan
to install the agent. Then, install and configure the agent.
User agents can connect to up to five Defense Centers at a time. In a high availability deployment,
connect agents to both the primary Defense Center and the secondary Defense Center. To do so you must
make sure agents can communicate with both the primary Defense Center and the secondary Defense
Center.
Configuring the Defense Center to Connect to a User Agent
License: FireSIGHT
The first step in collecting LDAP user login information using user agents is to configure each Defense
Center to allow connections from the agents you plan to connect to your Active Directory servers.
Tip: To delete the Defense Center-User Agent connection, click the delete icon and confirm that you want to delete it.
To configure the Defense Center to connect to a User Agent:
Access: Admin/Discovery Admin
Step 1 Select Policies > Users.
The Users Policy page appears.
Step 2 Click Add User Agent.
The Add User Agent pop-up window appears.
Step 3 Type a descriptive name for the agent in the Name field.
Step 4 Type the IP address or host name of the computer where the agent will reside in the Hostname or IP Address field.
Step 5 Click Add User Agent.
The Defense Center can now connect to a User Agent on the configured host.
If you want to perform user control (that is, write access control rules with user conditions), you must
configure and enable a connection between the Defense Center and at least one of your organization’s
Microsoft Active Directory servers. This configuration, called an LDAP connection or a user awareness
authentication object, contains connection settings and authentication filter settings for the server. The
connection’s user and group access control parameters specify the users and groups you can use in access
control rules. See
for more information.