Generate audit activity report

SupportAC — Mon, 23 Sep 2019 08:06:44 GMT

Hi,

We would like to audit in detail all the network activity of an internal user in our corporate.

Please, how can we get this? what are the steps to generate a heuristic audit and be able to generate the activity report in Fpower.

Is this possible?

Re: Generate audit activity report

Marvin Rhoads — Mon, 23 Sep 2019 09:49:00 GMT

It depends.

Do you have a working realm and LDAP/AD integration in your Firepower deployment? If you do you can get some data from a custom report. Firepower is more of a security tool though and the quality and usability of reporting on individuals users is rather limited. Generally a Web Security Appliance (WSA) or Cisco Umbrella deployment is more effective at this sort of thing.

Also you will obviously only see traffic that has transited the firewall and during the period for which you have connection events IF your policies are set to log connections events.

There's not a canned report but you can follow the methodology used here, adapting it to search for a given user:

https://community.cisco.com/t5/firepower/firepower-top-visited-website-report/m-p/3308446#M338

topic Generate audit activity report in Network Security

Generate audit activity report

Re: Generate audit activity report