5 Replies Latest reply on Oct 2, 2013 2:41 AM by uzanatta

    Source User Active Directory

    uzanatta

      Hi,

       

      how can I retrieve groups from an Active Directory server in order to filtering events? I read the following KB

       

      https://kc.mcafee.com/corporate/index?page=content&id=KB74843&cat=CORP_SYSTEM_CO NTROLLER_LINUX&actp=LIST&showDraft=false

       

      but I don't see Active Directory into System Properties.

       

      Thank you.

        • 1. Re: Source User Active Directory
          kcole

          You can view information by AD association in a couple of ways. 

          1. Apply an AD filter on the Source or Destination User fields in the global filter list (this is also supported in any location where source user is a filter option; reporting, correlation, views, etc):

           

          screenshot.png

           

          2. If you want a view to be built around AD, you can use the Filter component (last one to the right) from the View Editing Toolbar options to start with AD and then build the view from there.  As an example, this image started with AD and then shows all the events each user or AD group has logged. 

           

          screenshot2.png

           

          Hopefully this helps answer your question. 

          1 of 1 people found this helpful
          • 2. Re: Source User Active Directory
            uzanatta

            Hi,

             

            thank you for your prompt reply.

             

            I tried to apply a filter as you wrote but Active Directory tab is empty. Where does ESM fetch AD data?

             

            Capture.JPG

             

            I filled up the records on on "System Properties" -> "Login Security" -> "Active Directory" and authentication is working.

             

            Thank you.

            • 3. Re: Source User Active Directory
              uzanatta

              Hi,

               

              I found the solution. I have to set up an asset source. Thank you.

              • 4. Re: Source User Active Directory
                arfelix

                Hi Zanatta,

                 

                You can tell me, how you set up an Asset Source. I not found how configure it.

                My Active Directory no found, no authentication, no view, no found, please hel me.

                 

                Thanks you.

                • 5. Re: Source User Active Directory
                  uzanatta

                  Hi,

                   

                  click on the "Asset Manager" icon on the top right menu then go to the "Asset Sources" tab.

                   

                  Rgds,