04-03-2023 05:01 AM
In activity search, we are not able to see the AD ID , Internal IP as well as the workstation identity for a connection.
The only identity visible showing is the 'Network' identity which is configured using the external public IP. And this network identity is applied a default org policy.
Now we want the to apply this connection a custom policy using the AD ID or workstation identity, which is not possible because there is no such identity for the connection as shown below.
'Production' is the Network based identity, which is the only identity it is showing.
Solved! Go to Solution.
04-04-2023 06:09 AM
Munaf,
Everything revolves around Identity in Cisco Umbrella. Is this workstation a server? How are you applying the policy for this server? That workstation seems to be using the "network ID...(the egress)" for cloud security and that is why you see it in that report.
Have you implemented Virtual Appliances? For added granular visibility such as the Internal IP address of the endpoint, virtual appliances provide that along with the ability to track in the reports. More Info in the link below.
https://docs.umbrella.com/deployment-umbrella/docs/1-introduction
~Niles
If helpful, please rate this post.
04-03-2023 05:21 AM
You have many options to provision Identity for user attribution in Cisco Umbrella. Has AD been provisioned already and also created policies for those Identities?? See the link below:
https://docs.umbrella.com/deployment-umbrella/docs/1-ad-integration-setup-overview
04-03-2023 05:36 AM
Hi Niles, AD is already being provisioned and we do have AD based policies for other users.
But this particular connection for a website from a specific workstation is not showing AD identities , except for the network based identity.
04-04-2023 06:09 AM
Munaf,
Everything revolves around Identity in Cisco Umbrella. Is this workstation a server? How are you applying the policy for this server? That workstation seems to be using the "network ID...(the egress)" for cloud security and that is why you see it in that report.
Have you implemented Virtual Appliances? For added granular visibility such as the Internal IP address of the endpoint, virtual appliances provide that along with the ability to track in the reports. More Info in the link below.
https://docs.umbrella.com/deployment-umbrella/docs/1-introduction
~Niles
If helpful, please rate this post.
04-05-2023 04:28 AM
Thank you Niles, this workstation was pointing towards internal DNS servers instead of virtual appliance.
Once we added virtual appliance's IPs in the DNS setting of the workstation, identity details started getting visible and hence correct policy got applied based on the identity.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide