04-03-2023 05:01 AM
In activity search, we are not able to see the AD ID, internal IP, or workstation identity for a connection.
The only identity showing is the 'Network' identity, which is configured using the external public IP. This network identity has a default org policy applied.
Now we want to apply a custom policy to this connection using the AD ID or workstation identity, which is not possible because there is no such identity for the connection, as shown below.
'Production' is the Network based identity, which is the only identity it is showing.
04-03-2023 05:21 AM
You have many options to provision identity for user attribution in Cisco Umbrella. Has AD been provisioned already, and have policies been created for those identities? See the link below:
https://docs.umbrella.com/deployment-umbrella/docs/1-ad-integration-setup-overview
04-03-2023 05:36 AM
Hi Niles, AD is already provisioned and we do have AD-based policies for other users.
But this particular connection to a website from a specific workstation is not showing AD identities, only the network-based identity.
04-04-2023 06:09 AM
Munaf,
Everything revolves around Identity in Cisco Umbrella. Is this workstation a server? How are you applying the policy for this server? That workstation seems to be using the "network ID...(the egress)" for cloud security and that is why you see it in that report.
Have you implemented Virtual Appliances? For added granular visibility such as the Internal IP address of the endpoint, virtual appliances provide that along with the ability to track in the reports. More Info in the link below.
https://docs.umbrella.com/deployment-umbrella/docs/1-introduction
~Niles
If helpful, please rate this post.
04-05-2023 04:28 AM
Thank you Niles, this workstation was pointing towards internal DNS servers instead of the virtual appliance.
Once we added the virtual appliance's IPs to the DNS settings of the workstation, identity details became visible and the correct policy was applied based on the identity.
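
The following check is an added example, not something posted by anyone in this thread. It lists each network interface on a Windows workstation and flags any DNS server that is not one of the virtual appliances, which is the condition that left this workstation with only the network identity. The addresses in `$VirtualApplianceIPs` are placeholders and the function name `Test-DnsPointsToVA` is hypothetical.

```powershell
# Assumption: placeholder addresses. Replace with the IPs of your own virtual appliances.
$VirtualApplianceIPs = @('10.0.0.10', '10.0.0.11')

function Test-DnsPointsToVA {
    # Hypothetical helper: compares an interface's resolvers with the approved list.
    param(
        [string[]]$ConfiguredServers,
        [string[]]$ApprovedServers
    )
    # Any resolver outside the approved list means queries can bypass the virtual
    # appliance, so they reach the cloud attributed only to the egress network identity.
    $unexpected = @($ConfiguredServers | Where-Object { $_ -notin $ApprovedServers })
    [pscustomobject]@{
        Compliant  = ($ConfiguredServers.Count -gt 0 -and $unexpected.Count -eq 0)
        Unexpected = $unexpected
    }
}

# Inspect every IPv4 interface that has DNS servers configured.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $result = Test-DnsPointsToVA -ConfiguredServers $_.ServerAddresses `
                                     -ApprovedServers $VirtualApplianceIPs
        [pscustomobject]@{
            Interface      = $_.InterfaceAlias
            DnsServers     = $_.ServerAddresses -join ', '
            PointsOnlyToVA = $result.Compliant
            NotVA          = $result.Unexpected -join ', '
        }
    } | Format-Table -AutoSize
```

An interface with `PointsOnlyToVA` set to `False` is still sending DNS queries to a resolver other than the virtual appliance, either through a static setting or through the DHCP scope that serves it.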
