Configure Traffic-Based User Detection
Configure traffic-based user detection to automatically enable host discovery and monitor user login activities across various protocols in your network.
When you enable traffic-based user detection in a network discovery rule, host discovery is automatically enabled. For more information about traffic-based detection, see The Traffic-Based Detection Identity Source.
Procedure
Step 1: Choose .
Step 2: Click Users.
Step 3: Click Edit (
Step 4: Check the check boxes for protocols where you want to detect logins or clear check boxes for protocols where you do not want to detect logins, and choose whether you want to Capture Failed Login Attempts.
Step 5: Click Save.
Traffic-based user detection is configured for the selected protocols, enabling the system to monitor user login activities and automatically discover hosts in your network.
What to do next
Caution: Enabling or disabling non-authoritative, traffic-based user detection over the HTTP, FTP, or MDNS protocols using the network discovery policy restarts the Snort process when you deploy configuration changes, temporarily interrupting traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the assigned device handles traffic. See Snort Restart Traffic Behavior for more information.
- Configure network discovery rules to discover users as described in Configuring Network Discovery Rules.
- Deploy configuration changes.