
How to configure Active Directory (AD) integration on Vectra Detect Appliances

Feature Description

Starting with Appliance version 5.2, Vectra introduced Active Directory integration to assist in Host and Account identification.

New features
Active Directory Context for Accounts and Hosts

You can now integrate Cognito Detect with your Active Directory service to assist in
the identification of Hosts and Accounts on your network. Enabling this feature will
provide Active Directory contexts, such as group membership, organization, and
password-expiry status for Accounts; and owner, operating system, and machine
information for Hosts. Active Directory Context can be found under individual Account
and Host Details tabs and is configured on the External Connectors tab under Settings
in Cognito Detect.

Microsoft Active Directory attributes used by the Vectra Active Directory integration

Accounts:
  distinguishedName, cn, description, objectClass, displayName, userPrincipalName, objectSid, department, l, telephoneNumber, pwdLastSet, location, manager, memberOf, mail, title

Hosts:
  distinguishedName, cn, description, objectClass, displayName, userPrincipalName, objectSid, department, l, telephoneNumber, pwdLastSet, location, manager, memberOf, mail, title, dNSHostName, managedBy, machineRole, operatingSystem, networkAddress, physicalLocationObject, nETBIOSName, servicePrincipalName, macAddress

Accounts (Lockdown):
  The Active Directory query account requires read and write permissions on the userAccountControl attribute.
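As an added illustration, not Vectra's code (how Detect derives its display is not documented here), the following shows how two of the attributes listed above, pwdLastSet and userAccountControl, decode into the password-expiry status and account state that the integration surfaces. The flag values are Microsoft's documented userAccountControl bits; the 90-day maxPwdAge and the sample entry are constructed.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bit flags (Microsoft-documented values).
# ACCOUNTDISABLE is the bit a lockdown action would need write access to.
UAC_ACCOUNTDISABLE = 0x0002
UAC_LOCKOUT = 0x0010
UAC_PASSWD_NOTREQD = 0x0020
UAC_DONT_EXPIRE_PASSWORD = 0x10000
UAC_NAMES = {
    UAC_ACCOUNTDISABLE: "ACCOUNTDISABLE",
    UAC_LOCKOUT: "LOCKOUT",
    UAC_PASSWD_NOTREQD: "PASSWD_NOTREQD",
    UAC_DONT_EXPIRE_PASSWORD: "DONT_EXPIRE_PASSWORD",
}

# pwdLastSet is a Windows FILETIME: 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000


def filetime_to_datetime(ticks: int) -> datetime:
    """Convert a FILETIME tick count into an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(seconds=ticks / TICKS_PER_SECOND)


def uac_flags(uac: int) -> list[str]:
    """Name the userAccountControl bits that are set."""
    return [name for bit, name in UAC_NAMES.items() if uac & bit]


def password_status(pwd_last_set: int, uac: int,
                    max_pwd_age_ticks: int, now_ticks: int) -> str:
    """Classify password expiry the way an AD-aware tool would.

    max_pwd_age_ticks is the domain maxPwdAge as a positive tick count
    (AD stores it negated; callers pass abs()). now_ticks is a FILETIME.
    """
    if uac & UAC_DONT_EXPIRE_PASSWORD:
        return "never-expires"
    if pwd_last_set == 0:          # AD convention: must change at next logon
        return "must-change-at-next-logon"
    return "expired" if now_ticks >= pwd_last_set + max_pwd_age_ticks else "valid"


# Constructed sample: pwdLastSet of 2024-01-01T00:00:00Z, a disabled account.
SAMPLE_ENTRY = {"pwdLastSet": 133485408000000000, "userAccountControl": 0x0202}
NINETY_DAYS = 90 * 86400 * TICKS_PER_SECOND

if __name__ == "__main__":
    now = 133512192000000000  # constructed "now": 2024-02-01T00:00:00Z
    print(uac_flags(SAMPLE_ENTRY["userAccountControl"]))
    print(password_status(SAMPLE_ENTRY["pwdLastSet"],
                          SAMPLE_ENTRY["userAccountControl"], NINETY_DAYS, now))
```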

Full Release notes: https://support.vectranetworks.com/hc/en-us/articles/360037897533-Vectra-Cognito-5-2-Release-Notes

Active Directory LockDown Feature: https://support.vectranetworks.com/hc/en-us/articles/360039273494-How-to-configure-Active-Directory-AD-integration-on-Vectra-Detect-Appliances

Configuration Instructions

Log in to the brain using the vectra user and password.

Go to Settings -> External Connectors.

Click the Edit button next to "Enable integration with an Active Directory LDAP Profile to display more host and account information."

Tick "Enable integration with Active Directory LDAP Profile..." and fill in the fields described below.

 

Fields Description:

Vectra Account Bind DN: the object inside AD that Vectra binds as to obtain permission to perform queries.
Example:
BindDn: CN=myuser,OU=Special Accounts,DC=mydomain,DC=org

Active Directory password: the password associated with the above object.

Use TLS (STARTTLS): enable secure (encrypted) communication with the directory server.

URI: the LDAP URI of the directory server.
Example:
ldap.mydomain.org

Base DN: the location from which the server will search for objects.
Example:
BaseDn: DC=mydomain,DC=org

Query Timeout: the amount of time (in seconds) to wait before timing out a query.

Connection Timeout: the amount of time (in seconds) to wait before timing out an idle connection to AD.