Identity awareness logging only logon and logoff events.

CheckMates Toolbox Contest 2024
Submit a Tool for a Chance to WIN a $300 or $50 Gift Card!

LEARN MORE!

May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security

WATCH NOW

Harmony Endpoint:
Packing a Punch in 2024

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
The Difference Is In The Details

LISTEN NOW

Create a Post

Now, this may sound funny to some of you that know me, but here it is:

We are running Security Checkup in our environment and the 15400 all-in-one box that was configured to accept the traffic from the span port, blades enabled and IA configured.

IA is working in terms of seeing AD objects when trying to define roles and we see the logon and logoff events in a SmartLog.

AD query is working with adlog a dc and adlog a q ip returning proper values.

There are, however no user or machine IDs int the rest of the logs.

I am not involved in the hands-on aspects of this project due to rather dramatically expanded responsibilities in my current role, but would like to lend a hand to my guys that are involved with it.

SE that Check Point assigned to the case stated that he has seen this behavior in one more Security Checkup he was running, but that the root cause was never determined.

Another question is this: when running security checkup with all-in-one, does it make sense to have IA configured or is it better to have Identity Logging configured on the box. Is there a case where both should be configured?

Let me know if you have any suggestions.

Thank you,

Vladimir