Include User-ID Information in WildFire Logs and Reports

Enable the firewall to match User-ID information with email header information, so that the User-ID for the recipient of a malicious email attachment or link is identified for a WildFire entry.
  1. Select
    Device
    User Identification
    Group Mapping Settings
    .
  2. Select the desired group mapping profile to modify it.
  3. In the
    Server Profile
    tab in the Mail Domains section, populate the
    Domain List
    field:
    • Mail Attributes
      —This field is automatically populated after you fill in the
      Domain List
      field and click
      OK
      . The attributes are based on your LDAP server type (Sun/RFC, Active Directory, and Novell).
    • Domain List
      —Enter the list of email domains in your organization using a comma separated list up to 256 characters.
    When email header information is matched to a User-ID, the
    Recipient User-ID
    field in the
    Email Headers
    section of the detailed log view will link to a filtered ACC for that user or user group.
    email-header.png

Recommended For You