Crednetial Phishing Agent Permissions

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Crednetial Phishing Agent Permissions

L4 Transporter

Does anyone know if the credential phishing agent requires different\additional permissions to the base User agent?

 

I have installed with our 'standard' account and I get this in the logs:-

 

 09/03/18 18:05:33:996 [ Info 2036]: ------------Service is being started------------
 09/03/18 18:05:33:996 [ Info 2043]: Os version is 6.2.0.
 09/03/18 18:05:33:996 [ Info  389]: Load debug log level Info.
 09/03/18 18:05:33:996 [ Info  247]: Service version is 8.1.3.10.
 09/03/18 18:05:33:996 [ Info  392]: Product version is 8.
 09/03/18 18:05:33:996 [ Info  313]: Named pipe for UaService created.
 09/03/18 18:05:34:028 [Error  716]: Unable to extract credentials.
 09/03/18 18:05:39:028 [Error  716]: Unable to extract credentials.

 

It is also possible this is due to a security setting on the server itself I assume.

 

Thanks

4 REPLIES 4

L3 Networker

Hey did you get this fixed? I'm having the same issue.

 

Thanks!
Shannon

We did - I'm fairly sure we just had to run the Cred service as SYSTEM, not the Palo agent service account we assumed we needed to run both the PA agent and Cred agent with..

 

That said it is currently broken for us - I've not had time to check as we were only testing but I'm due to look this week as it turns out.

Hi thanks for replying - I've made sure we're using the system account, not a service account.

 

I've logged it with TAC and will update here if I get a resolution.

I could have sworn early on the install instructions said you needed a domain admin or at least something along the way domain admin was required, but that doesn't appear to be the case now.

 

 

https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/threat-prevention/prevent-credential-phish...

 

For using "Domain Credential Filter" --

"Install the User-ID agent and the User Agent Credential service on an RODC using an account that has privileges to read Active Directory via LDAP (the User-ID agent also requires this privilege)."

  • 3476 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!