Is it possible to use the User-ID Agent to scan the logs from a machine configured as an Event Collector? I have an event log called "Forwarded Events" which holds centralised logon/logoff events for another tool. It would be good to leverage that information for Palo too.
That sounds like an enhancement request for your local SE as here's what the agent is intended to do:
Pan-agent is a Windows application/service doing the following tasks:
- Read security logs from the configured domain controllers to analyze the domain user logon event
- If enabled, probe the user IP detected from the security log reading to see if the user is still logged on that IP
- Enumerate the net sessions from the configured domain controllers to get the IP-Username mappings for the net session