Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Authority
Authority
Jump to solution

identity logging

We have a use case to do identity logging only. We don't need rules based on identities, we only want to identify users in the logs and create reports based on this.

Enabling "identity logging" on the logserver looks like this is based on AD query, which is no more supported. Will be there a solution without implementing Identity Collector ?

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Identity Logging was added before we added Identity Awareness, thus why it uses AD Query.
If you don’t configure any Access Roles in your policy, then Identity Awareness is exactly the same as Identity Logging.

The mechanisms we use for AD Query have been substantially changed by Microsoft in response to various security vulnerabilities.
It wouldn’t surprise me if Microsoft made additional changes to further secure WMI, making AD Query completely unusable.

View solution in original post

2 Replies
emmap
Employee
Employee

I'm not aware of any plans to change the ID logging configuration on Mgmt servers, typically we configure IA on gateways and let them tag the users on IP addresses when they generate their logs. You don't need to be enforcing any identity based rules for gateways to collect and tag users on logged traffic. 

0 Kudos
PhoneBoy
Admin
Admin

Identity Logging was added before we added Identity Awareness, thus why it uses AD Query.
If you don’t configure any Access Roles in your policy, then Identity Awareness is exactly the same as Identity Logging.

The mechanisms we use for AD Query have been substantially changed by Microsoft in response to various security vulnerabilities.
It wouldn’t surprise me if Microsoft made additional changes to further secure WMI, making AD Query completely unusable.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events