User-ID Agent

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User-ID Agent

Not applicable

Is it possible to use the User-ID Agent to scan the logs from a machine configured as an Event Collector.  I have an event log called "Forwarded Events" which holds centralised logon/logoff events for another tool.  It would be good to leverage that information for Palo too.

Regards

Gary

3 REPLIES 3

L6 Presenter

Hi Gary,

That sounds like an enhancement request for your local SE as here's what the agent is intended to do:

Pan-agent is a Windows application/service doing the following tasks:

  • Get      Groups/Users from the configured domain controller and send to Pan Device
  • Get      the IP-Username mapping for the configured domain and send to Pan Device

Ø  Read security logs from the configured domain controllers to analyze the domain user logon event

Ø  If enabled, probe the user IP detected from the security log reading to see if the user is sill logged on that IP

Ø  Enumerate the net sessions from the configured domain controllers to get the IP-Username mappings for the net session

  • Forward      the NTLM message received from Pan Device to the domain controllers and      vice versa to support NTLM authentication

Thanks,

Renato

L4 Transporter

Hi Gary,

You may be able to script something and use our XML API into the user-ID agent.

Thanks

James

how would i do that, any help would be apperciated

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!