Integrating with Verify Privilege Vault Analytics

IBM Security's Verify Privilege Vault Analytics (VP-VA) SaaS product can be integrated with Verify Privilege Manager cloud instances

For the integration to work correctly independent of your Verify Privilege Manager instance, you need to have a IBM Security enabled VP-VA instance.

Refer to the VP-VA Documentation for details on features and functionality of VP-VA.

VP-VA System Settings Details

You will need to retrieve the VP-VA System Settings details required for setting up the integration in Verify Privilege Manager.

  1. Navigate to the PBA Systems Settings page (/system_settings/).

    system settings

  2. Use the Syslog URL and port information when setting up the SysLog Foreign System below. Use the Event Post Url and the X-API-Key when setting up the Send Application Events to PBA below.

Setting Up VP-VA Integration on Verify Privilege Manager

Required VP-VA resources are provided via Verify Privilege Manager Configuration Feeds.

Downloading and Installing the VP-VA Config Feed

  1. In you Verify Privilege Manager console, navigate to Admin | Config Feeds.
  2. Expand Privilege Manager Product Configuration Feeds.
  3. Expand Thycotic Management Server Core.
  4. Install Privileged Behavior Analytics Integration.

After the install, proceed to the Foreign Systems setup.

Setting up the VP-VA SysLog Foreign System

  1. Navigate to Admin | Config and select Foreign Systems.

  2. Select SysLog.

  3. Click Create.

  4. Enter a name and your SysLog server details.

    pba 3

  5. Click Create.

  6. Verify that your Protocol, Host, and Port match your SysLog server details (SysLog URL and SysLog Port from the VP-VA System Settings details).

    pba 4

Using the VP-VA Send Tasks

  1. Navigate to Admin | Tasks and from the folder tree select Server Tasks | Foreign Systems.

  2. Click PBA - SysLog.

    pba 2

  3. For Verify Privilege Manager to send data based on any of these task, the VP-VA SysLog server you created as a Foreign System above, needs to be added as the SysLog System ID. This can either be done

    • On Demand when running the task:

      1. Select a VP-VA Data Send tasks and click Run.

      2. Specify the SysLog System ID.

        pba 5

      3. Click Run Task.

    • By setting up a schedule:

      1. Select a VP-VA Data Send tasks and click View.

      2. Under Parameters specify the SysLog System ID.

      3. Define a Schedule, by clicking New Schedule

        pba 6

      4. Click Save Changes.

    Repeat for each of the data sets you want to use in VP-VA.

Enable Send Application Events to VP-VA

The config feeds installation also add a remote scheduled client command for VP-VA to Verify Privilege Manager. The Send Application Events to PBA policy is by default disabled.

  1. Under your computer Group navigate to Scheduled Jobs.

  2. On the Scheduled Jobs page search for VP-VA and select Send Application Events to PBA.

    pba 7

    • Under Job Settings enter the VP-VA Event Post URL and X-API-Key details from the VP-VA system settings information.
    • Modify the Job Schedule if customization is required.
    • Customize any of the Job Conditions to better fit your implementation.

  3. Click Save Changes.

  4. Set the Inactive switch to Active.

  5. Next to Deployment click the i icon and select the Resource and Collection Targeting Update task to run.