We have done that,Actually we

shubhamkulkarni39 · ‎07-07-2015

Hi all,

What is role of Sourcefire User Agent on Active Directory,(is it required?)

When we connect Sourcefire defense center to AD, we need to create LDAP Connection what exactly Ldap does in this Scenario

Confusion between Defense center vs firepower vs firesight vs sensor vs ASA with firepower servcies?

Thanks!

Marvin Rhoads · ‎07-07-2015

The Sourcefire User Agent collects IP-user associations from your AD server.

The LDAP connection allows you to use AD (or LDAP) group membership in your policies.

Defense Center (DC) = old name for FireSIGHT Management Center (FMC). The old DC name is still referenced in much documentation.

FirePOWER = general brand name for the Sourcefire technology as implemented in Cisco's product line.

A sensor generally refers to a dedicated appliance (or VM) running only the FirePOWER NGIPS/NGFW technology.

ASA with FirePOWER services refers to a software module (module type = "sfr") running in addition to the base ASA software on an ASA platform. (On the 5585-X this is a dedicated hardware module.)

shubhamkulkarni39 · ‎07-08-2015

Hi marvin,

Thanks,

I am facing major issue in Sourcefire User agent, we want to integrate AD with Sourcefire,

We added Ldap Connection in Sourcefire, that successfully added,

we tried to install User agent on AD, but there was requirement for .net framework and sql, we installed and run User agent,

now User agent is installed, but when we try to connect with AD, fill all parameters Server IP, Domain, User name , Password, but there was continues error showing there was a error connecting to server, please check user name password and permission (1),

we have done DCOM, WMI, RPC seetings in AD, but still problem exists,

Exact error is: Authentication Error connecting to AD IP address
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.Management.ThreadDispatch.Start()
at System.Management.ManagementScope.Initialize()
at Tools.Troubleshooter.testADServerConnection()Unable to determine AD Server's OS. - 1

Can you help me for the same!

Thanks

nrunge1 · ‎07-15-2015

If you are installing it on a DC you need to reference the local DC as "localhost" in the Servername/Address field.

shubhamkulkarni39 · ‎07-15-2015

We have done that,

Actually we are installing user agent on machine,

nrunge1 · ‎07-16-2015

I had zero luck using a remote host. It seems that there is a better success rate using the Domain Controllers themselves. However if you are forced to use a remote host for some reason.

Try following the following article. You may have done DCOM and WMI but you may also need a group policy so that your service account can manage auditing and security logs.

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118637-configure-firesight-00.html

Beyond that open up a case with TAC and hope for the best. The agent is complete garbage though.

It hasn't been updated since 2013 according to the Cisco website. This is what Cisco does. They stop development on acquisitions while they develop something better. Current customers get worked over while sales keeps the features on for brochure compliance.

shubhamkulkarni39 · ‎07-16-2015

we have done group policy stuff,

I forgot to tell you that we are facing issue in WMI,

Win32_Processor: WMI: Access denied

Win32_WMISetting: Successful

Security information: Successful

Win32_OperatingSystem: WMI: Access denied,

This is the reason we are facing issue in Sourcefire user agent.

nrunge1 · ‎07-17-2015

At this point I would open up a case with TAC. I opened one two days ago with a similar issue and we were able to resolve it this morning.