SummaryGetting usernames associated with IPs is done through Microsoft Active Directory; no other authentication method will allow for usernames to be mapped to IPs.
OverviewExinda devices can map end users' usernames to IP addresses through communication with Microsoft Active Directory. Through use of the Exinda Active Directory Connector, those audit logs are examined and relevant information is sent to an Exinda appliance when the two have an established connection. More detailed information about how to integrate Active Directory with the Exinda is located here. RADIUS and TACACS+ are supported for allowing users to log in to the Exinda, however they cannot be used in order to show the user-IP correlation. This is due to the fact that an Active Directory perform audit logs, and in those logs is information regarding the IP used for a user login; the AD connector can take this information. Such a Connector has not been made for other authentication methods, even if IP information is logged.
The 'Users' graph in the Exinda is empty be default, as when the Exinda appliances are set up, they do not have any connection information. When the connection is established with the AD Connector, the Users graph will start showing information regarding their activities, based on the IPs that are associated with them in the AD Logs.
When the users' information is populated, the user information will show in the Real Time Monitor, and in the Users' graph. The other graphs will not have data regarding the usernames in them.