This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Oussama_Kadim1
Contributor
‎2018-02-23 04:39 AM

Identity awareness and AD logs

Bonjour,

Je souhaiterai implémenter l'ID Awareness sur checkpoint basé sur une authentification AD.

Le problème qui se pose est que le client ne souhaite pas que l'AD envoi les events logs au checkpoint.

Pouvez vous me dire si il y a une possibilité de faire de l'ID awareness avec une authentification AD sans que le Firewall ne recupère les events Logs AD ( Genre le client envoi un ticket Kerberos directement au Checkpoint).

Cordialement.

---------------------------------------------------------------------------------------------------------------------------------------------------------

Hello,

I would like to implement ID Awareness on checkpoint based on AD authentication.

The problem is that the client does not want that the AD sends the events logs to the checkpoint.

Could you please tell me if there is an option to make the ID awareness based on AD authentication on the checkpoint without AD event logs?

Regards.

4 Replies
PhoneBoy
Admin
Admin
‎2018-02-23 10:48 AM

You have at least two other options:

Oussama_Kadim1
Contributor
‎2018-02-24 04:35 PM
In response to PhoneBoy

Thank you for your answer.

0 Kudos
Carsten_Pfitzer
Explorer
‎2018-07-09 04:00 AM
In response to PhoneBoy

Dameon Welch Abernathy

I am currently facing the same problem, and according to your link the Identity Collector does also need the security logs from the DCs:

Technical Description

The Identity Collector is using the Windows Event Log API for fetching the DC's security logs.
Windows Event Log is included in the operating system beginning with Windows Vista and Windows Server 2008 (client and server).

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-09 04:16 AM
In response to Carsten_Pfitzer

Yes, you're right, I missed that.

The main difference between AD Query and Identity Collector is the API used to acquire the information.

The reason we need to read the security logs is to automatically associate IP addresses to usernames and machine names.

LDAP is used to get groups, which are also relevant for Access Roles.

Identity Agent can also get the information, but this requires installing agents on the local PCs.

There is also an agent for Terminal Servers.

And of course Captive Portal, as I mentioned earlier (but this is not necessarily automatic).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top