Edit: moved to Sourcefire category.
---
Hi All,
Wondering if somebody can lead me in the right direction here, I have a customer running Sourcefire 6.0 with the FireSIGHT MC and am having an issue with the IP to User mapping. Under Analysis > Users > Users I don't have any records. I've gone in and setup the "realm" under itnegration which tests out ok, and setup the user download which pulls down the groups so I know the linkage for the "realm" is there. The tasks show LDAP synch with 2 groups and 293 Users successful. Identity Policy was setup with passive authentication and the User Agent on the active directory system is installed and tested successfully. I noticed the following in the syslogs stored locally (changed hostname and users) and I'm wondering if it has something to do with it?
Any other information required let me know.
Thanks,
Keith