XML Interface to PAN Agent

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

XML Interface to PAN Agent

L1 Bithead

Hi


We are having a lot of issues with using the PAN Agent scraping the wrong user / ip information from our AD logs as we also have a mixture of local user logins and remote desktop RDP connections which change the user's login / ip address association which I'm sure you are all aware of.


I'm aware that the UID Agent that is used for E-Directory LDAP has an XML API, but as we are using Active Directory, I'm using the PAN Agent instead. I was wondering if there is a similar XML API for the PAN Agent?


If there isn't, why not? Is it on the road map for sometime soon?


Is there some other way of clearing the wrong user / ip association from the PAN Agent?

I've tried to use Captive Portal with NTLM but this only works if the user is _unknown_.

Is there a way to force a CP connection when users use a web browser and to clear it when the browser is closed?


Failing that, can the UID Agent be used with Active Directory (and hence the API) instead of the PAN Agent and if so, what would be the best practice configuration please?


As the main selling point to use for the PAN was its user / app logging, the fact that the wrong users are being logged is disastrous for us.

We would rather not have a user logged than the wrong one, as it makes the user's web browsing activity wrong with serious consequences to us from our HR department.

Any help in these matters would be appreciated.

2 REPLIES 2

Palo Alto Networks Guru

The User-ID XML API is only available on the User-ID agent for LDAP (eDirectory). Though, you can install it on any machine, even if you don't have AD. In that case, you'd just be using the XML API feature of the Agent. In order to monitor event logs of domain controller, you'd still need the User-ID agent for AD.

While the User-ID XML API allows you to register users with a given IP address, it doesn't allow you to remove those mappings if they where not created through the XML API. Unfortunately, the current version of the Agent also doesn't provide a method to selectively remove User-IP mappings.

To address your problem, you might want to add the RDP servers you're concerned about to the exclude list on the User-ID Agent side and capture those users with the Terminal Services Agent on those servers.

L2 Linker

Hello.

I am having the same issue. Can you please tell me how do I clear the wrong user ip association from the PAN agen?

Thanks.

Luis

  • 3196 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!