SOLVED

Cloud Discovery - No Users showing up

Copper Contributor

Hi everyone, I’m using CloudApp Security with a Cisco ASA and Firepower logs being sent to the MCAS. I also have Azure ATP deployed and working.

My question, In CloudApp, under Cloud Discovery. The dashboard, Discovered App and IP Address dashboards are all populated but NOTHING under users.

What data feeds populates the user’s dashboard under Cloud DiscoveryNo Users.PNG

3 Replies
best response confirmed by ThomasTurner (Copper Contributor)
Solution

@ThomasTurner You need to check what data can be obtained from those devices.  For example what is in the logs that you extract from them.  A number of devices do not show user data.  For example FortiNet Firewalls do not sure which user it is.  If it's a perimeter firewall device this might not sure that level of information native on that device.  Some Firewalls only care about IP addresses.

 

It could also be what information is obtained from the device.  Try a manual snapshot and examine the columns.

@ThomasTurner I'm having the same issue, did you ever get this working?

@ThomasTurner it looks like Cisco ASA and Firepower should show all user data in the supported firewalls article https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery

 

However under Cisco ASA it does say you need to turn the information level up-to 6.  I'm not sure this is the case for Cisco ASA with the FirePower module but it might be worth trying.  Or alternatively opening a support request with Microsoft support.

 

Sorry I can't be much more help.

1 best response

Accepted Solutions
best response confirmed by ThomasTurner (Copper Contributor)
Solution

@ThomasTurner You need to check what data can be obtained from those devices.  For example what is in the logs that you extract from them.  A number of devices do not show user data.  For example FortiNet Firewalls do not sure which user it is.  If it's a perimeter firewall device this might not sure that level of information native on that device.  Some Firewalls only care about IP addresses.

 

It could also be what information is obtained from the device.  Try a manual snapshot and examine the columns.

View solution in original post