I was checking the User-IP mapping in one of the boxes and noticed something which is a mystery to me. I have attached the picture in this discussion. Some of the entries in the output show as Unknown. Any of you know why and how this happens?
The white boxes that have been cut out are the usernames which I had to remove due to privacy concerns.
If the firewall/agent is receiving traffic from an IP it does not have user mapping info for, it will probe that IP to get that info. We need to check if the host responds to WMI probes by probing the IP address manually from another host or a host with domain admin login.
Following is the command you can run in cmd:
wmic /Node:192.168.128.16 ComputerSystem Get UserName
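The manual check described in the answer above, as an added PowerShell example that is not part of the original reply: it runs the same ComputerSystem UserName query over DCOM against a list of addresses and reports which hosts answer. The function name Test-WmiUserProbe, the 5-second timeout and the result labels are assumptions made for this example; the single address is the one from the reply.

```powershell
# Added example (not from the original thread).
# Addresses to check; extend with the IPs that show as Unknown in the mapping output.
$targets = @('192.168.128.16')

function Test-WmiUserProbe {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$TimeoutSec = 5   # assumed timeout
    )
    # wmic talks to the remote host over DCOM/RPC, so force DCOM
    # instead of the WinRM default used by CIM sessions.
    $option  = New-CimSessionOption -Protocol Dcom
    $session = $null
    try {
        $session = New-CimSession -ComputerName $ComputerName -SessionOption $option `
                                  -OperationTimeoutSec $TimeoutSec -ErrorAction Stop
        $cs = Get-CimInstance -CimSession $session -ClassName Win32_ComputerSystem `
                              -Property UserName -ErrorAction Stop
        # An empty UserName means the host answered but nobody is logged on
        # at the console, so there is no user to map for that IP.
        $status = if ([string]::IsNullOrEmpty($cs.UserName)) {
            'Responded, no console user'
        } else {
            'Responded'
        }
        [pscustomobject]@{
            Host = $ComputerName; Status = $status
            UserName = $cs.UserName; Detail = $null
        }
    }
    catch {
        # Firewall blocks, RPC unavailable and access denied all land here;
        # the exception text tells them apart.
        [pscustomobject]@{
            Host = $ComputerName; Status = 'No WMI response'
            UserName = $null; Detail = $_.Exception.Message
        }
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}

$targets | ForEach-Object { Test-WmiUserProbe -ComputerName $_ } | Format-Table -AutoSize -Wrap
```

Run it from an account with administrative rights on the target hosts, as the reply suggests for the wmic command.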