cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1439
Views
0
Helpful
1
Replies

Generate audit activity report

SupportAC
Level 1
Level 1

Hi,

 

We would like to audit in detail all the network activity of an internal user in our corporate.

Please, how can we get this? what are the steps to generate a heuristic audit and be able to generate the activity report in Fpower.

 

Is this possible?

1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

It depends.

Do you have a working realm and LDAP/AD integration in your Firepower deployment? If you do you can get some data from a custom report. Firepower is more of a security tool though and the quality and usability of reporting on individuals users is rather limited. Generally a Web Security Appliance (WSA) or Cisco Umbrella deployment is more effective at this sort of thing.

Also you will obviously only see traffic that has transited the firewall and during the period for which you have connection events IF your policies are set to log connections events.

There's not a canned report but you can follow the methodology used here, adapting it to search for a given user:

https://community.cisco.com/t5/firepower/firepower-top-visited-website-report/m-p/3308446#M338

Review Cisco Networking for a $25 gift card