Dynamic user group using HIP log

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Dynamic user group using HIP log

L4 Transporter

Hi Team,

 

Just need to check if anybody faced the below issue in PanOS 10.0.x

I am trying to create a dynamic user group with HIP log by following settings,

1- created one Tag

2- Configured log settings for HIP log for build in action tagging the source user with the tag created before

3- created a dynamic group with the above tag as match criteria.

 

The dynamic users are not getting registered eventhough HIP logs are there.

When I do the same configuration for User-ID logs, things are working fine and I can see dynamic user registration is happening.

 

Thanks in advance.

1 REPLY 1

L6 Presenter

If the log forwarding profile is working for the User-ID and tagging the IP address/user and not for the HIP it could be a bug so check with the TAC. Also you can use custom signatures for vulnerability to trigger and informational message with an action Alarm (not block) in the Threat logs and use that as a signal for the Log Forwarding to tag the username. In this case the log forwarding profile will be attached on the firewall rule.

  • 1434 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!