cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2206
Views
0
Helpful
4
Replies

Umbrella not fetching the Identities

munaf shaikh
Level 1
Level 1

In activity search, we are not able to see the AD ID , Internal IP as well as the workstation identity for a connection.

The only identity visible showing is the 'Network' identity which is configured using the external public IP. And this network identity is applied a default org policy. 

Now we want the to apply this connection a custom policy using the AD ID or workstation identity, which is not possible because there is no such identity for the connection as shown below.

'Production' is the Network based identity, which is the only identity it is showing. 

 

munafshaikh_0-1680523070303.png

 

1 Accepted Solution

Accepted Solutions

Munaf,

Everything revolves around Identity in Cisco Umbrella.  Is this workstation a server?  How are you applying the policy for this server?    That workstation seems to be using the "network ID...(the egress)" for cloud security and that is why you see it in that report.

Have you implemented Virtual Appliances?  For added granular visibility such as the Internal IP address of the endpoint, virtual appliances provide that along with the ability to track in the reports.  More Info in the link below.

https://docs.umbrella.com/deployment-umbrella/docs/1-introduction

~Niles

If helpful, please rate this post.

View solution in original post

4 Replies 4

Niles Pyelshak
Cisco Employee
Cisco Employee

You have many options to provision Identity for user attribution in Cisco Umbrella.  Has AD been provisioned already and also created policies for those Identities??  See the link below:

https://docs.umbrella.com/deployment-umbrella/docs/1-ad-integration-setup-overview

Hi Niles, AD is already being provisioned and we do have AD based policies for other users. 

But this particular connection for a website from a specific workstation is not showing AD identities , except for the network based identity.

Munaf,

Everything revolves around Identity in Cisco Umbrella.  Is this workstation a server?  How are you applying the policy for this server?    That workstation seems to be using the "network ID...(the egress)" for cloud security and that is why you see it in that report.

Have you implemented Virtual Appliances?  For added granular visibility such as the Internal IP address of the endpoint, virtual appliances provide that along with the ability to track in the reports.  More Info in the link below.

https://docs.umbrella.com/deployment-umbrella/docs/1-introduction

~Niles

If helpful, please rate this post.

munaf shaikh
Level 1
Level 1

Thank you Niles, this workstation was pointing towards internal DNS servers instead of virtual appliance. 

Once we added virtual appliance's IPs in the DNS setting of the workstation, identity details started getting visible and hence correct policy got applied based on the identity.