06-10-2018 02:27 PM
Hi all,
I want to ask about the identity rewrite rule.
In our deployment, we are using ISE 2.3, and we have integrated it with AD and Stealthwatch pxGrid.
The AD user logon name consists of numbers. That is why these numbers are seen on Stealthwatch as the username. We want to see the AD distinguished name as the username in the ISE live log, and we want to send this username info to Stealthwatch.
For example : AD user logon name : 123456
first name : murat
last name : gok
distinguished name : murat gok
Can I do this with an identity rewrite rule?
Thanks in advance,
murat
06-10-2018 02:51 PM
No. The Identity Rewrite [in Active Directory > Advanced Settings] is to transform the input usernames (based on the existing characters) into those suitable for looking them up in AD, but it is nowhere used to derive sAMAccountName -> display name.
If using regular authentication (i.e. password-based), then the user identity is the username set by the DOT1X supplicants. If using certificate-based authentication, then the user identity is the certificate attribute selected by the certificate authentication profile used.
06-10-2018 10:44 PM
Hi,
Thanks for the info.
I asked Lancope support about this subject, considering that it can be parsed as a username by Lancope.
They said that it can be done by ISE identity rewrite.
But I think it can be done by the ISE PIC syslog sender service. We can do parsing according to the submitted logs, because we are using a custom syslog parsing template with regex for user-IP mapping.
Do you have any suggestions on this subject?
Thanks
06-10-2018 11:15 PM
Please ask StealthWatch support team to clarify how it can be done by ISE.
Although I've not done it myself, I've seen SMC fetching the full name via LDAP. See the section "Active Directory Configuration" in StealthWatch 6.8 Appliance Administration — Networking fun