Identity Collector - Alias Feature

Sometimes, a Domain Controller sends events with domain names that are neither the NetBIOS name nor the FQDN. When this occurs, the Identity Awareness Gateway does not know the domain and drops the association. The Alias feature of the Identity Collector resolves this issue.

To enable the Alias feature on the Identity Collector client computer:

  1. Go to this folder:

    C:\ProgramData\CheckPoint\IdentityCollector\

  2. Create a new configuration file:

    DomainDictionaryAliases.cfg

  3. The structure of the configuration file must follow this pattern:

    <name from which to convert>=<name to which to convert>

    Notes

    • There is no space between the equal sign and the name of the domain or the alias name.

    • Each line shows one conversion.

    Example:

    If the nickname of "something.com" is "someone", add this line in the file: someone=something.com

    This way, if an event contains the "someone" domain, the domain name changes to "something.com".

  4. Save the changes in the file.

  5. Restart the Identity Collector service:

    • Service Name - IDCService

    • Service Display Name - Check Point Identity Collector
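
The procedure above as a script. This is an added example, not Check Point code. The folder, file name, and service name come from this page. The contents of the `$aliases` list, the ASCII file encoding, and the duplicate check are assumptions. Run it from an elevated PowerShell session on the Identity Collector computer.

```powershell
# Added example. Paths and service name are taken from the page;
# the alias list, the ASCII encoding and the duplicate check are assumptions.
$dir  = 'C:\ProgramData\CheckPoint\IdentityCollector'
$file = Join-Path $dir 'DomainDictionaryAliases.cfg'

# One conversion per line: <name from which to convert>=<name to which to convert>
$aliases = @(
    'someone=something.com'   # the example from the page
)

# Validate before writing: exactly one "=", no whitespace anywhere on the line,
# and no source name listed twice (a second entry would be ambiguous).
$seen = @{}   # PowerShell hashtable keys compare case-insensitively
$problems = foreach ($line in $aliases) {
    if ($line -notmatch '^(?<from>[^\s=]+)=(?<to>[^\s=]+)$') {
        "Malformed line (expected name=name with no spaces): '$line'"
        continue
    }
    $from = $Matches['from']
    if ($seen.ContainsKey($from)) {
        "Source name '$from' appears more than once"
        continue
    }
    $seen[$from] = $Matches['to']
}
if ($problems) {
    throw ($problems -join [Environment]::NewLine)
}

if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
    throw "Identity Collector folder not found: $dir"
}

# Keep a copy of any existing alias file so the change can be rolled back.
if (Test-Path -LiteralPath $file) {
    Copy-Item -LiteralPath $file -Destination "$file.bak" -Force
}

# Write the file, one conversion per line.
Set-Content -LiteralPath $file -Value $aliases -Encoding ASCII

# Restart the service so the new aliases are read, then confirm it is running.
Restart-Service -Name 'IDCService'
Get-Service -Name 'IDCService' | Select-Object Name, DisplayName, Status
```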