Setting up the User API for User Mapping

Threat Defender can be set up to track the usernames and IP addresses of users who connect to the network.

Preparing Threat Defender

Set up Threat Defender to receive user tracking information:

  1. Navigate to Inventory > User Api Setting.

  2. Make sure the slider switch is set to Enabled.

  3. Specify a Secret Key that servers will use to log in to Threat Defender.

  4. Click SAVE to store the settings.

Tip

Optionally, you can define exceptions that will not be logged.

Preparing the Network

Threat Defender cannot independently detect users connecting to the network. Users can either be created manually in Threat Defender (see Users), or this information can be transmitted by the network clients or servers. We recommend setting up the servers since this is more efficient.

For this purpose, set up the servers to contact Threat Defender using the specified Secret Key and to transmit the IP addresses and usernames of users connecting to the network. For example, this can be done using curl:

curl -skL "https://$TARGET/userapi/registration?action=login&clientIP=${IP}&username=${USER}&secretKey=password"

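Where the $TARGET variable is the DNS name or IP address of Threat Defender, ${IP} and ${USER} are the IP address and username of the connecting user, and password stands for the Secret Key specified in Threat Defender. The -k option makes curl skip verification of the TLS certificate presented by Threat Defender.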
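
The following script is an added example, not part of the Threat Defender product or its documentation. It wraps the request above so that the username and Secret Key are URL-encoded, the client IP is validated, and the key is read from a file. The function names, the key file argument and the IPv4-only check are assumptions.

```sh
#!/bin/sh
# Added example (not vendor code). Function names and the IPv4-only check are assumptions.

# Percent-encode every byte outside the RFC 3986 unreserved set.
urlencode() (
    LC_ALL=C
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s' "$out"
)

# Accept only a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# Build the request URL with the endpoint and parameter names shown above.
build_login_url() {  # args: host client_ip username secret
    valid_ipv4 "$2" || { echo "invalid client IP: $2" >&2; return 1; }
    [ -n "$3" ] || { echo "empty username" >&2; return 1; }
    printf 'https://%s/userapi/registration?action=login&clientIP=%s&username=%s&secretKey=%s' \
        "$1" "$2" "$(urlencode "$3")" "$(urlencode "$4")"
}

# Send one login event. The URL goes to curl on stdin (--config -) so the
# Secret Key stays out of the process list, and the certificate is verified
# (no -k); add --cacert for an appliance certificate from a private CA.
register_login() {  # args: host client_ip username key_file
    key=$(cat "$4") || return 1
    url=$(build_login_url "$1" "$2" "$3" "$key") || return 1
    printf 'url = "%s"\n' "$url" | curl -sSfL --config -
}

# Usage: sh register-login.sh HOST CLIENT_IP USERNAME KEY_FILE
if [ $# -eq 4 ]; then register_login "$@"; fi
```

The Secret Key is still sent as a query parameter, so keep the key file readable only by the account that runs the script.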

Result

Threat Defender displays the login and logout events generated by the users in the user API log and reporting.