https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wildcard-support-in-ignore-user-list-txt/m-p/471056#M103057 <P>Yeah support speculate it's to prevent potential costly misconfigurations of regex lookups, we've hit our SE up for the FR <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>Say hi to mum for me!</P> Mon, 07 Mar 2022 23:23:58 GMT mb_equate 2022-03-07T23:23:58Z https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wildcard-support-in-ignore-user-list-txt/m-p/469988#M102977 <P>A customer of mine uses a mix of prefixes and suffixes for service and privileged accounts respectively, and needs to ignore these accounts to prevent incorrect mappings. This is&nbsp;especially true where policy applies to non-privileged groups, if a non-privileged user accesses resource with privileged account (e.g. RDP NLA) and their expected policy does not apply.</P><P>&nbsp;</P><P>In an ideal world, the ignore-user list should look like this:</P><P>*.adm<BR />svc-*</P><P>&nbsp;</P><P>The privileged accounts (*.adm) cannot be excluded with a wildcard because it can only be used "<SPAN>as the last character in the entry". In theory this should work for service accounts (svc-*) however that entry is not in the exclude list when viewed from the firewall yet the unsupported entry (*.adm) is:</SPAN></P><P>&nbsp;</P><P><SPAN>&gt; show user user-id-agent config name {agent}</SPAN></P><P><SPAN>...</SPAN></P><P><SPAN>Ignore Users:<BR />*.adm<BR /></SPAN></P><P>&nbsp;</P><P><SPAN>&gt;</SPAN></P><P>&nbsp;</P><P><SPAN>Is there a simple way to ignore ip-user-mapping for accounts matching a specific suffix, or must we add users individually (or outsource the job to a powershell script)?</SPAN></P><P>&nbsp;</P><P>Matt</P> Thu, 03 Mar 2022 04:59:01 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wildcard-support-in-ignore-user-list-txt/m-p/469988#M102977 mb_equate 2022-03-03T04:59:01Z https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wildcard-support-in-ignore-user-list-txt/m-p/470834#M103031 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/127749">@mb_equate</a> ,</P> <P>&nbsp;</P> <P data-unlink="true">In the meantime, why not add your vote to the existing feature request (<SPAN class="news-body-text"><SPAN><STRONG>ID: 7423</STRONG> -&nbsp; <EM>add ignore list entries using a wildcard at the beginning of the usernames</EM></SPAN></SPAN>).&nbsp;</P> <P data-unlink="true">&nbsp;</P> <P data-unlink="true">To add your vote to this feature request, please reach out to your local sales rep and have him add your vote to FR ID 7423.</P> <P data-unlink="true">&nbsp;</P> <P data-unlink="true">Cheers !</P> <P data-unlink="true">Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Mon, 07 Mar 2022 09:23:39 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wildcard-support-in-ignore-user-list-txt/m-p/470834#M103031 kiwi 2022-03-07T09:23:39Z https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wildcard-support-in-ignore-user-list-txt/m-p/470865#M103034 <P>suffix wildcards are not supported in the ignore-user-list, you could try to convince your customers to start using .svc just like they did for .adm <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 07 Mar 2022 11:18:16 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wildcard-support-in-ignore-user-list-txt/m-p/470865#M103034 reaper 2022-03-07T11:18:16Z https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wildcard-support-in-ignore-user-list-txt/m-p/471056#M103057 <P>Yeah support speculate it's to prevent potential costly misconfigurations of regex lookups, we've hit our SE up for the FR <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>Say hi to mum for me!</P> Mon, 07 Mar 2022 23:23:58 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wildcard-support-in-ignore-user-list-txt/m-p/471056#M103057 mb_equate 2022-03-07T23:23:58Z