FireSIGHT FirePOWER controlling traffic based on AD users doesn't work

Hi all,
FirePOWER doesn't seem to be working for rules based on users from Active Directory.
I was able to import users from AD, and I can see the users being matched with an IP (Analysis->Users->Users).
I can say that the rule does work because if I build it to be IP based, traffic is blocked. But as soon as I add users to the rule, traffic stops being blocked.
Can someone a bit more experienced with FireSIGHT and/or FirePOWER help me out with this...
Thanks

Similar Messages

  • Installed iTunes on my laptop Windows 7 64 bit and I now have the following problems 1) iTunes volume won't adjust with the laptop volume control, only within iTunes, 2) playback doesn't work unless I click play twice and 3) the iTunes Store won't open

  • What to do if you use a segmented control in interface builder and it doesn't work ?

    The first thing to do would probably be to update your profile and/or signature so people will know what OS, language, and development system you are using, then perhaps include some additional information such as what "it doesn't work" means, and possibly a few other things like some error logs, what you have done so far, maybe a code snippet or two, etc.

  • Aperture 3.2: renaming based on date/time doesn't work properly

    While importing I rename my photos based on the date/time they were taken.
    In Aperture 3.1.3 this worked perfectly fine; for photos taken within the same second Aperture added an index number for the second, third etc. photo automatically.
    In Aperture 3.2 this doesn't work any longer; Aperture simply doesn't import photo number 2, 3 etc. of that particular one second.
    Note: I store the original files outside the aperture library, all run under snow leopard on an iMac i7. And as I said this worked fine under 3.1.
    Does anyone have an idea?

    Thanks all for the response
    Leonie, here are the details of what I do/experience:
    a) Aperture message after import
    b) I import pairs and rename them as follows “IMG_{Image Date}_{Image_Time}” (I know all the disadvantages of this but old habits are hard to break… and for me it still works fine)
    c) Difference of the images that are imported / not imported is solely the hundredth of the second when they were taken. Of my test series only the first image has been imported:
    DSC_4903.jpg(2011/10/19 22:49:50.08)
    DSC_4904.jpg(2011/10/19 22:49:50.25)
    DSC_4905.jpg(2011/10/19 22:49:50.43)
    DSC_4906.jpg(2011/10/19 22:49:50.60)
    DSC_4907.jpg(2011/10/19 22:49:50.80)
    d) I import via the import panel: Import in new project – store files in particular folder (not Aperture library) – subfolder ‘imageyear/month’ – rename as described above – import both
    Doug, after some trial and error I agree with your thoughts, Aperture apparently simply lost its automatic indexes ‘-1’, ‘-2’ etc. and – what is good - doesn’t overwrite the first with the second and the third image... As you suggest there are different options to make the images unique. Most simple would be to add {index #} or {sequence #} or {counter}, all would do and I probably will choose one of them. Or I will downgrade back to 3.1.3 (do have backups) and wait until Apple fixes this.
    Kirby, turning off “Don’t import duplicates” was a good idea but didn’t solve it. But your naming convention actually ensures the uniqueness of the files.
    Michael

  • Windows users doesn't work after migrating from old to new server!

    We have done a complete re-install on our XServe with OD. We have about 10 Windows users, and after the installation all their settings and mail are gone. All the "normal" files are there though.
    I'm not sure we have done it the right way though: We did a backup from the old server (a bootable copy with Super Duper), then we formatted and installed everything. We made new accounts (with different names if that's good to know) and copied the users' home folders to the new location. The Mac clients seem to work well, but all the settings on the Windows clients are gone...
    Is there an easier way to do this? We still have the workable copy from the old installation. There seems to be some kind of export/import way to do this, but I haven't got a clue how to do that...
    Please help!

    davidh,
    We didn't reintegrate smb.conf, but set the new server up just like the old one. We did however compare these files to see that the vital parts (netlogon, shares and so on, and of course basic settings) were correct.
    We also copied the user files and profiles and made them identical on the new server, except for placing them under the new usernames.
    Regarding the Local Settings folder, it doesn't exist on the old server, that's one of the weird things. We've checked the profile for a user on the client machine, and it is a roaming profile. That's why we're a bit puzzled as to why the login works and all files are there, but the user preferences and Outlook don't work.
    I know I've read somewhere that the Local Settings aren't replicated like the other files in a roaming profile, but I haven't finished checking up on that. I wouldn't expect anything else than that Windows takes care of Outlook e-mail for a roaming profile as well though; I mean, the user must be able to read his/her mail from any computer in the domain, what else would the purpose of a roaming profile be?
    Except for the weird thing about us not being able to find the user preferences or Outlook files for the client amongst the files on the server, I feel we're missing something; apparently Windows isn't as straightforward as one would expect (not sure why I did expect anything, come to think of it).
    We're going to give it a new go next weekend. Except for doing further research we're thinking of copying /etc/smb.conf and the files in /var/samba and /var/db/samba to the new server, along with exporting and importing the old user accounts to the new server, and then see if everything works as expected.
    If so, we'll see if we can change the account names in a nice way, it's really desired to do so.
    If not, we really need to do some more research, but if I'm not mistaken, the Samba-related files I just mentioned are the ones that pretty much make up the Windows Services in OS X, isn't that so?
    Thanks!

  • HT5957 Controlling music apps in lock screen doesn't work in ios7.02?

    After applying the second update to ios7, none of my music apps function in the lock screen. No stopping music from any app including the Apple music app in the lock screen. This means that Bluetooth controllers such as car stereo systems can't control next track, pause or stop on any music app being accessed since the screen is generally locked while driving. This is dangerous because the only way to control these apps - while driving - is to unlock the phone. Apparently my phone is now more secure, but I guess that means it securely doesn't work in lock screen.

    Try A and B
    (A) Restart iPad
    1. Hold down the Sleep/Wake button until the red slider appears.
    2. Drag the slider to turn off iPad.
    3. Turn iPad back on, hold down the Sleep/Wake until the Apple logo appears
    (B) Reset iPad
    Hold down the Sleep/Wake button and the Home button at the same time for at least ten seconds, until the Apple logo appears
    Note: Data will not be affected.

  • Mount -o users doesn't work as intended, why not?

    I'm trying to modify some of the udev rules in the Arch wiki to work better for my setup. So I have this as /etc/udev/rules.d/11-media-by-label-auto-mount.rules:
    BUS!=usb, KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"
    # Import FS infos
    IMPORT{program}="/sbin/blkid -o udev -p %N"
    # Get a label if present, otherwise specify one
    ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"
    ENV{ID_FS_LABEL}=="", ENV{dir_name}="usbhd-%k"
    # Global mount options
    ACTION=="add", ENV{mount_options}="noatime,users"
    # Filesystem-specific mount options
    ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"
    # Mount the device
    ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"
    # Clean up after removal
    ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"
    # Exit
    LABEL="media_by_label_auto_mount_end"
    And it mounts usb sticks just fine. Problem is, I still get a permission denied error when trying to unmount them, despite using the "users" mount option, which is supposed to let *any* user unmount the device.
    So I tried mounting the stick manually with the users option...
    # mount -o users /dev/sdb /mnt
    And still got the error on trying to unmount it:
    $ umount /dev/sdb
    umount: /dev/sdb is not in the fstab (and you are not root)
    So it looks like the users option is not working the way the fstab man page says it should. What am I doing wrong here?
    Edit: the users mount option works fine for CDs. Is there a way to make it work for USB sticks, or am I just stuck?
    Last edited by Gullible Jones (2011-01-07 23:37:01)

    Thanks... Kind of strange, that. Is there a way to use pmount and give unmount permissions for all users, so that I don't have to do the silly mount-as-a-specific-user thing?
    Edit: Oh N/M, just unmounting with pumount works great. Thanks!
    Last edited by Gullible Jones (2011-01-08 00:24:58)

  • Since my last software update most of the functions of the JBL remote control from the micro docking station don't work

    Hello mark,
    have you ever heard about the problem, that the remote control of the JBL micro docking station doesn't work since the software update from iPod touch 4. generation?

    Have you gone to the manufacturer's support site or contacted the manufacturer?

  • Could somebody teach me how to set the latest iTunes so that it repeats just one of the numbers installed from the CD? I've already tried it by clicking "control" and the bottom, but it doesn't work. Thank you.

    Could somebody teach me how to set the latest iTunes so that it repeats just one of the numbers installed from the CD?
    I've already given it a try by clicking "control" and the bottom item which means one item in Japanese, but it doesn't work.
    Thank you.

    You can access the repeat options if you right-click on the shuffle icon or if menus are enabled you can use
    Controls > Repeat > Off | All | One.
    Once the control is visible you can click it to switch between states as before. If the control is turned to off it disappears on the next track change. In contrast the shuffle control remains visible whenever it is appropriate. Hopefully the next release will fix this.
    The bottom one should do it.
    tt2

  • Turned on my iMac and looks like a negative, try using the control, alt command 8 trick but doesn't work.. can someone please help?

    I've tried using control, alt, command 8 to no avail... When I log out of my user name and go to my son's, this doesn't happen?  I'm perplexed?

    It is ⌃⌥⌘ 8 if your Keyboard Shortcuts are set to default.
    The System Preference location depends on what OS X you are running..?
    For Snow Leopard and earlier, use or go to System Preferences > Universal Access and select Black on white.
    For Mountain Lion and later, go to System Preferences > Accessibility > Display and uncheck Invert colors.

  • WPC - MIME object in web article with anonymous user doesn't work correctly

    Hi all,
    we have a problem with the Web Page Composer (NW07 SP14 + Patch 01) and contents for anonymous users.
    We have defined a site with the following elements: article (with text and jpg), paragraph (with text and pdf link) and a jpg image. All texts and the "standalone" jpg (not used in article/paragraph) are displayed correctly. The jpg in the article and the pdf link do not work correctly ("broken" link, PDF link requires a login name ?).
    The direct image in the website has the following link:
    <server>/irj/go/km/docs/wpccontent/Sites/alogis_v01_home/Site%20Content/graphics/bild01.jpg
    (short url is turned off for error search...)
    The jpg in the article has the following link (this is the same jpg as the previous picture bild01.jpg):
    <server>/irj/servlet/prt/portal/prtroot/docs/guid/10c76155-d8c8-2a10-a4a5-fa0a0c7246fc
    And the PDF link is:
    <server>/irj/servlet/prt/portal/prtroot/docs/guid/707470fb-e3c8-2a10-94b4-972b06419c40
    For anonymous users the last two urls are not reachable. These urls require a login (the first link not). The links work correctly with a registered user, not with an anonymous user.
    Does anybody have an idea? Is there someone who had this problem before and solved it?
    Many thanks in advance.
    Mirko Galetzka

    Hi,
    I'm not sure if you're aware, but there is a 3.0 beta version of Data Modeler.
    You can download it freely from here :
    http://www.oracle.com/technetwork/developer-tools/datamodeler/overview/index.html
    There are many bugs fixed there.

  • Printing as specific user doesn't work

    Hello,
    at the moment we have a problem with Adobe Reader (latest version 11.0.07) on a Windows 7 Professional Domain-PC (x64).
    If the user tries to print a document, nothing happens. The print-processing doesn't appear after clicking on "print". The print-job isn't going through the spooler, it doesn't appear in the job list. Event log has no entries about that.
    We tried different printers and completely different documents. We reinstalled Adobe Reader using the Adobe Cleaner-Tool, deleted the AppData and Temp-Folders.
    What we can say is that it is a user specific problem. When we log on as Administrator or User (non-Administrator) this problem doesn't appear.
    What can we do? We'd be happy about help.
    Best regards

    Hello,
    is there any solution for my Problem?
    Best regards

  • Cache-control on IPlanet 6.0 SP5 doesn't work

    Hi.
    I am desperately trying to set cache-control max-age=0/no-cache to every file that is sent by the IPlanet from a special directory. I used the web console to set /dir/* to no-cache or max-age=0 but although the settings are applied and the server is restarted the HTTP header is still not touched in any way.
    I read the changes of SP6 and SP7 but couldn't find anything regarding this problem so I haven't upgraded yet.
    obj.conf says:
    <Object ppath="/var/apps/weblogic/myserver/public_html/mydir/*">
    PathCheck fn="set-cache-control" control="no-cache"
    </Object>
    This is placed directly after the default object.
    Any help is highly appreciated. Thanks a lot,
    Thomas

    There's a big difference between the set-cache-control SAF and the HttpServletResponse.addHeader API. set-cache-control understands the HTTP protocol version in use and, if that version supports Cache-control header fields, adds a Cache-control header. HttpServletResponse.addResponse blindly adds any header you specify.
    If you want to use HttpServletResponse.addHeader to add a Cache-control header to a response in Web Server, you can do so. The meaning of that header isn't defined by the HTTP/1.0 protocol, however.

  • FastCGI "user" doesn't work

    hi,
    i'm running Web Server 7.0U4 on Solaris 10U6. i have several virtual hosts which contain PHP applications using FastCGI, most of which run as the web server user. however, in one particular virtual host, i'd like PHP to run as a different user.
    in the admin console, i can enter a username and group in the FastCGI responder configuration, but the changes aren't saved. if i re-open the configuration, the user field is blank, instead of containing the value i entered.
    i tried to configure this in <vhost>-obj.conf instead:
    Service fn="responder-fastcgi" type="application/x-php" app-path="/opt/php/bin/php-cgi" user="accounts"
    however, the PHP scripts are still running as the web server user, not the user i specified.
    what am i missing?

    note : if you want to start the fastcgi with a user other than web server runtime user, then you will need to start the server as 'root' . however, there is no any security hole in doing that because web server when started as root spawns another web server process (with the user name as mentioned within config/server.xml) and this is what listens to incoming request.

    I believe that you are wrong about this Sriram.
    The lineage of the FastCGI process is this:
    webservd-wdog -> webservd -> webservd -> Fastcgistub -> FCGI Process
    On my system WS is configured to run as nobody. The UID order of each of the above processes is:
    root -> root -> nobody -> nobody -> nobody
    The watchdog has root because it binds to privileged ports as needed and "passes" those FDs to its child, the primordial webserver process, as needed.
    The primordial webserver process (which does not handle any requests) is responsible for spawning the worker process in the event of abnormal process termination. It retains root privileges for much the same reason that watchdog does.
    The worker webserver process (the one that actually does the heavy lifting of being a web server) setuid()s itself to the configured user when the process is created. At this point it has given up privileged access and is now restricted to whatever the privileges are that it is configured to run as. All of its children (Fastcgistub and the FCGI processes themselves) inherit this UID from the worker process. In order for them to setuid() themselves to something else they need to start with a UID that has permission to actually perform a setuid(). Typically "nobody" and "webservd" do not have this permission.
    Read up on CAP_SETUID (I know this is relevant on Linux, but I believe this is a POSIX thing and should apply to other Unices).
    Note that it's also been a long time since I delved into the internals of Web Server. Maybe the inheritance system has changed in ways I'm unfamiliar with. Anyone feel like scrubbing through the Open Web Server code (I know the FastCGI system is in there) to check for certain?

  • CANNOT LOAD FIREFOX-LOOKING FOR PERMISSIONS-GIVES 2 CHOICES 1)USE CURRENT USER-(DOESN'T WORK) 2)USE -ADMINISTRATOR-ASKES FOR PASSWORD (I HAVE NO PASWORD) CAN I BE HELPED

    cannot load firefox. goes thru the run process, that asks for current user or administrator. i click current and it just disappears. the second choice gives me a user name (ADMINISTRATOR). won't accept anything i put in as a password.

    Check that you do not run Firefox as Administrator.
    Right-click the Firefox desktop shortcut and choose "Properties".
    In the Compatibility tab, make sure that Privilege Level: "Run this program as Administrator" is not selected.
    Also check your security software.
    Remove all rules for Firefox from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process.
    See:
    * Server not found
    * Firewalls
    * http://kb.mozillazine.org/Browser_will_not_start_up
