Change Sophos Heartbeat-Userdomain?

Hi there,

We have clients with Sophos Intercept X installed and are figuring out the Heartbeat feature within our Sophos XG 135.

My "problem" is that our Windows clients are recognized as "username@domain.tld" when I view the "Current activities" in the Sophos XG WebGUI.
We sync our users from Microsoft AD to the Sophos with our internal domain name, "username@intern.domain.local"; these users also have MFA attached and are used to connect by SSLVPN.

Because of the heartbeat, the Sophos XG created ~120 new Sophos user accounts with @domain.tld. I would like to merge or delete them so that the reports and so on are correct.

Is it possible to change the domain name that Sophos Intercept X is sending to Sophos Central? If I could change that to @intern.domain.local, the existing users would be matched.

Thanks in advance,

Bastian



Added tags
[edited by: Gladys at 3:27 PM (GMT -8) on 4 Mar 2024]
  • Hi there,

    So, it's not possible to change the user domain that is reported back by Sophos Heartbeat into my XG.

    Actually, there are two users created for each unique employee: one "username" by Sophos Heartbeat (see pictures), and one user "username@intern.domain.tld" by our AD sync. The latter is also used for SSL VPN.

    My goal is to merge these users so that I have a unique user per employee within the XG.

    The current activities look like this:

    I've set up two AD authentication servers for DC1 and DC2 with the same AD domain name:

    My active remote users look like the following:

    As LuCar Toni said, I can't change the user domain of the Sophos Heartbeat users. So I would have to change my AD sync and maybe have to create new MFA for our AD users; but the users from Sophos Heartbeat don't have a user domain within their username.

    How could I change my AD sync so that the synced users don't carry "intern.domain.tld" within their username?

    Thanks in advance,

    Bastian
