Setting up the User API for User Mapping
Threat Defender can be set up to track the usernames and IP addresses of users who connect to the network.
Preparing Threat Defender
Set up Threat Defender to receive user tracking information:
Navigate to Inventory > User Api Setting.
Specify a Secret Key that servers will use to login in to Threat Defender.
Click SAVE to store the settings.
Tip
Optionally, you can define exceptions that will not be logged.
Preparing the Network
Threat Defender cannot independently detect users connecting to the network. Users can either be created manually (see Users) in Threat Defender or this information can be transmitted by the network clients or servers. We recommend setting up the servers since this is more efficient.
For this purpose, set up the servers to contact Threat Defender using the specified Secret Key and to transmit the IP addresses and usernames of users connecting to the network. For example, this can be done using curl:
curl -skL "https://$TARGET/userapi/registration?action=login&clientIP=${IP}&username=${USER}&secretKey=password"
Where the $TARGET
variable is the DNS name or IP address of Threat Defender.
Result
Threat Defender displays the login and logout events generated by the users in the user API log and reporting.