Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 9 subscribers
  • Views 5102 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recent Events for multiple devices showing up under wrong user

Chris Abbey1

Sophos Community, 

Thanks in advance for your guidance. We have recently deployed (last 6 months) Sophos Central, and when trying to identify if a machine had a specific user associated we noticed something troubling. When querying a user account (captured most likely from login, we are not conducting AD Sync), each user account seems to have random device events associated with the account (up to 10 devices). 

So when attempting to look up an event based on user account (again captured by sophos), several other device events are associated, muddying up the water and causing issues with any response efforts we have. 

 

Is there a way to reconcile our events so they align to the actual user account associated with the event and device. Right now any logging from Central is useless as we can't trust that they actually map to the device and or user. 



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Barb@Sophos

    In most case no more than two systems (our system support team may log into a much larger amount). 

    The issue is that geographically separated (different networks, out of office) machine events and history are showing up under multiple usernames. There is no rhyme or reason to it as well, and it seems that only a few events align to an unassociated users. 

    I've also reviewed both articles and both do not help our situation. I have opened a ticket with Sophos and have spoken to an Support Team member. I am hoping to hear back today and i'll let everyone know what I find out. 

Children
Unfiltered HTML