Configuring IBM Security Privileged Identity Manager to communicate with QRadar

To communicate with IBM QRadar, the IBM® Security Privileged Identity Manager DB2® database must have incoming TCP connections enabled.

Procedure

  1. Log in to IBM Security Privileged Identity Manager.
  2. Click the Configure Privileged Identity Manager tab.
  3. In the Manage External Entities pane, select Database Server Configuration.
  4. Double-click the Identity data store row in the Database Server Configuration column.
  5. Record the values for the following parameters. You need these values when you configure a log source in QRadar.
    • Host name
    • Port
    • Database name
    • Database Administrator ID
  6. Important: If you are using ISPIM 2.0.2 FP 6 and later, do not complete this step.
    Create a view in IBM Security Privileged Identity Manager DB2 database in the same schema as identified in the Database Administrator ID parameter, by running the following SQL statement:
    CREATE view V_PIM_AUDIT_EVENT ASSELECT ae.ID, ae.itim_event_category as event_category, ae.ENTITY_NAME, service.NAME service_name, ae.ENTITY_DN, ae.ENTITY_TYPE, ae.ACTION, ae.INITIATOR_NAME, ae.INITIATOR_DN, ae.CONTAINER_NAME, ae.CONTAINER_DN, ae.RESULT_SUMMARY, ae.TIMESTAMP, lease.POOL_NAME, lease.LEASE_DN, lease.LEASE_EXPIRATION_TIME, lease.JUSTIFICATION,ae.COMMENTS, ae.TIMESTAMP2, ae.WORKFLOW_PROCESS_IFROM AUDIT_EVENT aeLEFT OUTER JOIN AUDIT_MGMT_LEASE lease ON (ae.id = lease.event_id)LEFT OUTER JOIN SA_EVALUATION_CREDENTIAL cred ON (LOWER(ae.entity_dn) = LOWER(cred.DN))LEFT OUTER JOIN V_SA_EVALUATION_SERVICE service ON (LOWER(cred.service_dn) = LOWER(service.dn));