cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Cloud Discovery - No Users showing up

ThomasTurner
Copper Contributor

‎Jul 10 2019 06:42 AM

‎Jul 10 2019 06:42 AM

Cloud Discovery - No Users showing up

Hi everyone, I’m using CloudApp Security with a Cisco ASA and Firepower logs being sent to the MCAS. I also have Azure ATP deployed and working.

My question, In CloudApp, under Cloud Discovery. The dashboard, Discovered App and IP Address dashboards are all populated but NOTHING under users.

What data feeds populates the user’s dashboard under Cloud DiscoveryNo Users.PNG

2,332 Views
2 Likes
3 Replies
Reply
3 Replies
best response confirmed by ThomasTurner (Copper Contributor)
Matthew Fooks

‎Jul 16 2019 03:26 AM

‎Jul 16 2019 03:26 AM

Solution

Re: Cloud Discovery - No Users showing up

@ThomasTurner You need to check what data can be obtained from those devices.  For example what is in the logs that you extract from them.  A number of devices do not show user data.  For example FortiNet Firewalls do not sure which user it is.  If it's a perimeter firewall device this might not sure that level of information native on that device.  Some Firewalls only care about IP addresses.

 

It could also be what information is obtained from the device.  Try a manual snapshot and examine the columns.

0 Likes
Reply
pc299

‎Nov 06 2019 09:28 AM

‎Nov 06 2019 09:28 AM

Re: Cloud Discovery - No Users showing up

@ThomasTurner I'm having the same issue, did you ever get this working?

0 Likes
Reply
Matthew Fooks

‎Nov 07 2019 10:15 AM

‎Nov 07 2019 10:15 AM

Re: Cloud Discovery - No Users showing up

@ThomasTurner it looks like Cisco ASA and Firepower should show all user data in the supported firewalls article https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery

 

However under Cisco ASA it does say you need to turn the information level up-to 6.  I'm not sure this is the case for Cisco ASA with the FirePower module but it might be worth trying.  Or alternatively opening a support request with Microsoft support.

 

Sorry I can't be much more help.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by ThomasTurner (Copper Contributor)
Matthew Fooks

‎Jul 16 2019 03:26 AM

‎Jul 16 2019 03:26 AM

Solution

Re: Cloud Discovery - No Users showing up

@ThomasTurner You need to check what data can be obtained from those devices.  For example what is in the logs that you extract from them.  A number of devices do not show user data.  For example FortiNet Firewalls do not sure which user it is.  If it's a perimeter firewall device this might not sure that level of information native on that device.  Some Firewalls only care about IP addresses.

 

It could also be what information is obtained from the device.  Try a manual snapshot and examine the columns.

View solution in original post

0 Likes
Reply