In Firepower connection events, I see there are numerous connections that do not have any user. If I go to connection events and search the IP the user has, the user field shows no data. If I go to active sessions and search the same IP address, it shows the user. How do I go about getting the user to be populated in the connection events? I'm pretty sure this worked in earlier versions of Firepower.
Running Firepower 6.7 and ISE 2.6 patch 6.
Did you check your realm integration? Make sure you are able to download users and groups. That's in addition to your ISE identity source.
I had this issue recently with a Firepower 6.7. We ended up having to change the LDAP user name to not use the LDAP style DNs and instead use user@company.com style.
Thanks for that info. Yes I have the realm configured (when downloading it says it downloaded hundreds of users). The ldap user we have is also in the user@domain format as you described in the FMC Directory Username * field.