I am trying to create a Dynamic user group using Log settings for HIP logs by the following procedure:
1- Created one tag
2- Configured log settings for HIP log for built-in action tagging the source user with the tag created before
3- Created a dynamic group with the above tag as match criteria.
The dynamic users are not getting registered even though HIP logs are there. It is working fine for User-id logs (instead of HIP logs). I have tested in PanOS 9.1 as well as 10.0. Both versions are showing the same behavior. Has anybody faced the same?
Thanks in advance
Hi @reaper,
I can see the logs are created in HIP match logs under the monitor tab.
When I have a similar setup for user-id logs, I can see the dynamic user group is getting populated along with the new entry in 'user-id' logs.
I can see the email alert as well if I configure the email receiver.
One thing to notice is that the user-id logs have a 'user' column but the HIP log has 'source user'; not sure if this is causing the issue in the background.
Back in ClearPass version 6.5 released in March 2015, some new features were added and a couple of older
features modified to improve their function.
Policy Manager, when it’s aware of the posture/health for an endpoint, can share this information with Palo
Alto. ClearPass gathers different health class information from the OnGuard client, context such as the state
of the endpoint firewall (enabled/disabled, engine version), derives a posture state, and then returns a
healthy/un-healthy state per class back to the Palo Alto firewall. There are 10 classes that can be reported
against and they are covered later in the document.