This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

User-ID Agent

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User-ID Agent

aveva_palo
Not applicable

‎02-11-2011 09:03 AM

Is it possible to use the User-ID Agent to scan the logs from a machine configured as an Event Collector.  I have an event log called "Forwarded Events" which holds centralised logon/logoff events for another tool.  It would be good to leverage that information for Palo too.

Regards

Gary

0 Likes Likes
3 REPLIES 3

gswcowboy
L6 Presenter

‎02-11-2011 10:05 AM

Hi Gary,

That sounds like an enhancement request for your local SE as here's what the agent is intended to do:

Pan-agent is a Windows application/service doing the following tasks:

  • Get      Groups/Users from the configured domain controller and send to Pan Device
  • Get      the IP-Username mapping for the configured domain and send to Pan Device

Ø  Read security logs from the configured domain controllers to analyze the domain user logon event

Ø  If enabled, probe the user IP detected from the security log reading to see if the user is sill logged on that IP

Ø  Enumerate the net sessions from the configured domain controllers to get the IP-Username mappings for the net session

  • Forward      the NTLM message received from Pan Device to the domain controllers and      vice versa to support NTLM authentication

Thanks,

Renato

0 Likes Likes

James
L4 Transporter

‎02-11-2011 10:21 AM

Hi Gary,

You may be able to script something and use our XML API into the user-ID agent.

Thanks

James

0 Likes Likes

kimalat
L0 Member
In response to James

‎04-25-2012 06:14 PM

how would i do that, any help would be apperciated

0 Likes Likes
  • 3087 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks