cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
227
Views
0
Helpful
4
Replies
Highlighted
Beginner

stealthwatch and AD integration not getting all the data

hi experts, i have a little problem

because some client has stealthwatch and want to integrate it with AD

the integration is fine from i stealthwatch(we are using the same user type that we use for ISE to get data from the same AD)

 

following this document, we get information but not all the data from the user, and i get that this could or could not be of great deal, but how can i prove that everything is fine from the integration and the problem it's the AD

https://community.cisco.com/t5/security-documents/configuring-stealthwatch-identity-microsoft-active-directory-pdf/ta-p/3643869

 

and with the ISE integration only can we get the same information?

or just via Stealthwatch and AD integration we can get the email and stuff from AD's users?

 

thanks for your time, best regards

 

 

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: stealthwatch and AD integration not getting all the data

I ask this to TAC team and there is no official document because AD structure is super complex and we need forest-related information to integrate AD. So please open TAC and get advice from them.

However, TAC can support basic procedures, so you may need Professional Service to integrate AD.

 

And you can find online help about where is basic configuration area of AD. But there is no detail.

View solution in original post

4 REPLIES 4
Highlighted
Cisco Employee

Re: stealthwatch and AD integration not getting all the data

ISE and AD integration is a little bit different purpose. ISE is for IP, Mac Address and User Account. AD is for User Context in AD stored. So answer is both you need to integrate Stealthwatch.

 

Please watch the below video, it shows exact what you want to know.

https://youtu.be/HMePrvPe1qI

 

Highlighted
Beginner

Re: stealthwatch and AD integration not getting all the data

hi, thanks for the video, buy already did it, it shows super simple from the stealthwatch side, but i like a binary part

but not from the AD and that is the part that i'm looking for because it's not clear the part of the AD config, do you have some info about it or more update it than the pdf post it before, please.

Highlighted
Cisco Employee

Re: stealthwatch and AD integration not getting all the data

I ask this to TAC team and there is no official document because AD structure is super complex and we need forest-related information to integrate AD. So please open TAC and get advice from them.

However, TAC can support basic procedures, so you may need Professional Service to integrate AD.

 

And you can find online help about where is basic configuration area of AD. But there is no detail.

View solution in original post

Highlighted
Beginner

Re: stealthwatch and AD integration not getting all the data

hi kyoshiik, thanks a lot for the help, i get it because from stealthwatch it's more like on/off setting
but depends a lot from AD from the user and cn search how you retrieve the data, now it's more clear and thanks for the quick reply, have a nice week!
This widget could not be displayed.