From Palo Alto Networks ALG Security Technical Implementation Guide
Part of SRG-NET-000131-ALG-000085
Associated with: CCI-000381
User-ID can use Windows Management Instrumentation (WMI) probing as a method of mapping users to IP addresses. If this is used, the User-ID Agent will send a probe to each learned IP address in its list to verify that the same user is still logged in. The results of the probe will be used to update the record on the agent and then be passed on to the firewall. WMI probing is a Microsoft feature that collects user information from Windows hosts, and contains a username and encrypted password hash of a Domain Administrator account.
Ask the Administrator if User-ID uses WMI Probing; if it does, this is not a finding. Go to Device >> User Identification On the "User Mapping" tab, in the "Palo Alto Networks User ID Agent" pane, view the "Enable Probing" check box. If it is selected, this is a finding.
To disable WMI probing if it is not used: Go to Device >> User Identification On the "User Mapping" tab, in the "Palo Alto Networks User ID Agent" pane, view the "Enable Probing" check box. If it is selected, select the "Edit" icon in the upper-right corner of the pane. In the "Palo Alto Networks User ID Agent Setup" window, in the "Client Probing" tab, deselect the "Enable Probing" check box.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer