Jul 10 2019 06:42 AM
Hi everyone, I’m using Cloud App Security with Cisco ASA and Firepower logs being sent to MCAS. I also have Azure ATP deployed and working.
My question: in Cloud App Security, under Cloud Discovery, the Dashboard, Discovered Apps and IP Addresses dashboards are all populated, but NOTHING shows under Users.
What data feeds populate the Users dashboard under Cloud Discovery?
Jul 16 2019 03:26 AM
Solution: @ThomasTurner You need to check what data can be obtained from those devices, for example what is in the logs that you extract from them. A number of devices do not show user data. For example, FortiNet firewalls do not show which user it is. If it's a perimeter firewall device, this might not show that level of information natively on that device. Some firewalls only care about IP addresses.
It could also be what information is obtained from the device. Try a manual snapshot and examine the columns.
Nov 06 2019 09:28 AM
@ThomasTurner I'm having the same issue, did you ever get this working?
Nov 07 2019 10:15 AM
@ThomasTurner it looks like Cisco ASA and Firepower should show all user data in the supported firewalls article https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery
However, under Cisco ASA it does say you need to turn the information level up to 6. I'm not sure this is the case for Cisco ASA with the FirePower module, but it might be worth trying, or alternatively opening a support request with Microsoft support.
Sorry I can't be much more help.
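An added example, not written by anyone in this thread: one way to examine an exported Cisco ASA syslog sample before uploading it as a manual snapshot, tallying message severities (to confirm level 6 messages are present) and listing any user names found. The sample lines are constructed, and the `USER` pattern assumes identities appear in parentheses as `DOMAIN\user` or `user@domain`; adjust it to what your device emits.

```python
import re
from collections import Counter

# Cisco ASA syslog tag: %ASA-<severity>-<message id>:
ASA_TAG = re.compile(r"%ASA-(\d)-(\d{6}):")
# Assumption: a user identity is logged in parentheses as DOMAIN\user or user@domain.
USER = re.compile(
    r"\(([A-Za-z0-9_.-]+\\[A-Za-z0-9_.$-]+|[A-Za-z0-9_.-]+@[A-Za-z0-9.-]+)\)"
)

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    r"Jul 10 2019 06:42:01 fw01 : %ASA-6-302013: Built outbound TCP connection 1001 "
    r"for outside:203.0.113.10/443 (203.0.113.10/443) "
    r"to inside:10.0.0.5/51000 (198.51.100.2/51000) (CONTOSO\alice)",
    r"Jul 10 2019 06:42:02 fw01 : %ASA-6-302013: Built outbound TCP connection 1002 "
    r"for outside:203.0.113.11/443 (203.0.113.11/443) "
    r"to inside:10.0.0.6/51001 (198.51.100.2/51001)",
    r'Jul 10 2019 06:42:03 fw01 : %ASA-4-106023: Deny tcp src inside:10.0.0.5/51002 '
    r'dst outside:203.0.113.20/80 by access-group "inside_in" [0x0, 0x0]',
    r"this line is not an ASA syslog message",
]


def summarize(lines):
    """Count messages per severity and collect user names seen in ASA lines."""
    severities = Counter()
    users = set()
    unparsed = 0
    for line in lines:
        tag = ASA_TAG.search(line)
        if not tag:
            unparsed += 1  # not an ASA message; skipped
            continue
        severities[int(tag.group(1))] += 1
        users.update(USER.findall(line))
    return {
        "severities": dict(severities),
        "has_level_6": severities[6] > 0,  # informational messages present?
        "users": sorted(users),            # empty list: no user data in the sample
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

An empty `users` list on a real export means the log itself carries no user names, so the fix has to be made on the firewall side rather than in the portal.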