5 Replies Latest reply on Oct 2, 2013 2:41 AM by uzanatta

    Source User Active Directory




      How can I retrieve groups from an Active Directory server in order to filter events? I read the following KB:


      https://kc.mcafee.com/corporate/index?page=content&id=KB74843&cat=CORP_SYSTEM_CONTROLLER_LINUX&actp=LIST&showDraft=false


      but I don't see Active Directory in System Properties.


      Thank you.

        • 1. Re: Source User Active Directory

          You can view information by AD association in a couple of ways. 

          1. Apply an AD filter on the Source or Destination User fields in the global filter list (this is also supported in any location where source user is a filter option: reporting, correlation, views, etc.):




          2. If you want a view to be built around AD, you can use the Filter component (last one to the right) from the View Editing Toolbar options to start with AD and then build the view from there.  As an example, this image started with AD and then shows all the events each user or AD group has logged. 




          Hopefully this helps answer your question. 

          • 2. Re: Source User Active Directory



            Thank you for your prompt reply.


            I tried to apply a filter as you wrote, but the Active Directory tab is empty. Where does ESM fetch AD data?




            I filled in the records on "System Properties" -> "Login Security" -> "Active Directory" and authentication is working.


            Thank you.

            • 3. Re: Source User Active Directory



              I found the solution. I have to set up an asset source. Thank you.

              • 4. Re: Source User Active Directory

                Hi Zanatta,


                Can you tell me how you set up an Asset Source? I have not found how to configure it.

                My Active Directory is not found: no authentication, no view, not found. Please help me.


                Thank you.

                • 5. Re: Source User Active Directory



                  Click on the "Asset Manager" icon in the top right menu, then go to the "Asset Sources" tab.