Setting up the User API for User Mapping

Threat Defender can be set up to track the usernames and IP addresses of users who connect to the network.

Preparing Threat Defender

Set up Threat Defender to receive user tracking information:

  1. Navigate to Inventory > User Api Setting.
  2. Make sure the slider switch is set to (enabled).
  3. Specify a Secret Key that servers will use to login in to Threat Defender.
  4. Click SAVE to store the settings.

Optionally, you can define exceptions that will not be logged.

Preparing the Network

Threat Defender cannot independently detect users connecting to the network. Users can either be created manually in Threat Defender or this information can be transmitted by the network clients or servers. We recommend setting up the servers since this is more efficient.

Windows

We provide Event Log Watcher for Windows, a user mapping service that allows you to track Windows assets and user data from Windows Active Directory. Contact our support team for the installation file and further instructions.

Other Operating Systems

To set up user tracking in other operating environments, you need to manually set up the servers to contact Threat Defender using the specified Secret Key and to transmit the IP addresses and usernames of users connecting to the network. For example, this can be done using curl:

    curl -skL "https://$TARGET/userapi/registration?action=login&clientIP=${IP}&username=${USER}&secretKey=password"

Where the $TARGET variable is the DNS name or IP address of Threat Defender.

Result

Threat Defender displays the login and logout events generated by the users in the user API log and reporting.

results matching ""

    No results matching ""