Highlighted
Absent Member.
Absent Member.
1262 views

Connector Settings clarification- Domain, User Name, Active Directory etc

Jump to solution

Hi,

I have taken over an Arcsight implementation with limited experience in the management of the backend.  Most of the Connectors were set up before I got here.  I have only had a hand in setting up a SEP and AIX connector, so no Windows connectors at this point.  We currently have 6 Windows unified connectors set up to glean security log data only.  In looking at the configuration wizard for these connectors, I'm a little confused about some of the parameters and what they are used for. 

In part of the configuration, it asks for the Domain Name, Domain User Name, Domain User Password, Active Directory Server, Active Directory User Name, etc etc.  When you get to the screen to add windows hosts, it also asks for the Domain Name, the  Host Name, the User Name, and Password.


On our Connectors, we have a disparity going on between what's in these fields.  For example, we have one connector that has a fqdn domain listed in the first Domain Name that isn't the domain that the host's are in with an account listed that doesn't even exist in that domain, but with an active directory server for that domain, and then it has no Domain Name listed in the Hosts table and no User Name, but it has a password listed.  I checked, and we are definitely receiving security logs from this connector.

Then we have another connector that's set up with the first Domain Name as just the base name of the domain, but without the .com or anything, and it has the IP address listed as the Active Directory Server and a user name and password that is in that domain, and then there is no Domain Name listed in the Hosts table, but it does have the same user name and password that is on the first configuration page for the Smartconnector.

Then we have another one that have the fqdn, a proper Domain User Name and Password and the fqdn of the AD server with the same AD user name and password as the other one, but again no Domain Name, no User name, but does have a password defined.

Can someone tell me exactly what these fields are used for on Windows Unified connectors, and how they are supposed to be set up.

Labels (1)
0 Likes
Reply
1 Solution

Accepted Solutions
Absent Member.
Absent Member.

Re: Connector Settings clarification- Domain, User Name, Active Directory etc

Jump to solution

Yes just leave that page the defaults. See the screenshot I have attached.

View solution in original post

0 Likes
Reply
6 Replies
Highlighted
Absent Member.
Absent Member.

Re: Connector Settings clarification- Domain, User Name, Active Directory etc

Jump to solution

I always just leave those fields default and then populate the hosts table with the correct domain. You can just continue on that screen with the default entries.

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Connector Settings clarification- Domain, User Name, Active Directory etc

Jump to solution

The default is that everything is blank.  Are you saying to just leave that first whole part blank and just put everything in the Host Table? 

0 Likes
Reply
Absent Member.
Absent Member.

Re: Connector Settings clarification- Domain, User Name, Active Directory etc

Jump to solution

Yes just leave that page the defaults. See the screenshot I have attached.

View solution in original post

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Connector Settings clarification- Domain, User Name, Active Directory etc

Jump to solution

Thanks that works.  I'd still like to know what the purpose of all of these settings are for.  I'm guessing you would put in the initial settings if all of your servers on that connector are going to be in the same domain so you don't have to put in each domain individually on the host table.  Does that sound right?  It would be the same for the user name and password for the domain as well, i'm guessing.

What I don't understand is what the AD settings are for on that page.  Could you or someone else clarify what I have stated as well as give clarification on the AD settings?  Thanks.

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Connector Settings clarification- Domain, User Name, Active Directory etc

Jump to solution

The active directory information is mostly for the host browsing feature which most people don't use. Check out page 24 of the PDF I attached.

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Connector Settings clarification- Domain, User Name, Active Directory etc

Jump to solution

Thanks for your help, Justin.  I was able to get setup what I needed with this info.  Thanks much.

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.