Include User-ID Information in WildFire Logs and Reports

Enable the firewall to match User-ID information with email header information, so that the User-ID for the recipient of a malicious email attachment or link is identified for a WildFire entry.
  1. Select DeviceUser IdentificationGroup Mapping Settings.
  2. Select the desired group mapping profile to modify it.
  3. In the Server Profile tab in the Mail Domains section, populate the Domain List field:
    • Mail Attributes—This field is automatically populated after you fill in the Domain List field and click OK. The attributes are based on your LDAP server type (Sun/RFC, Active Directory, and Novell).
    • Domain List—Enter the list of email domains in your organization using a comma separated list up to 256 characters.
    When email header information is matched to a User-ID, the Recipient User-ID field in the Email Headers section of the detailed log view will link to a filtered ACC for that user or user group.
    email-header.png

Related Documentation