Configuring IBM Security Privileged Identity Manager to communicate with QRadar
To communicate with IBM QRadar, the IBM® Security Privileged Identity Manager DB2® database must have incoming TCP connections enabled.
Procedure
- Log in to IBM Security Privileged Identity Manager.
- Click the Configure Privileged Identity Manager tab.
- In the Manage External Entities pane, select Database Server Configuration.
- Double-click the Identity data store row in the Database Server Configuration column.
- Record the values for the following parameters. You need these values when you configure a log source in QRadar.
  - Host name
  - Port
  - Database name
  - Database Administrator ID
- Important: If you are using ISPIM 2.0.2 FP 6 and later, do not complete this step.
  Create a view in the IBM Security Privileged Identity Manager DB2 database, in the same schema as identified in the Database Administrator ID parameter, by running the following SQL statement:

      CREATE view V_PIM_AUDIT_EVENT
      AS
      SELECT
        ae.ID, ae.itim_event_category as event_category, ae.ENTITY_NAME,
        service.NAME service_name, ae.ENTITY_DN, ae.ENTITY_TYPE, ae.ACTION,
        ae.INITIATOR_NAME, ae.INITIATOR_DN, ae.CONTAINER_NAME, ae.CONTAINER_DN,
        ae.RESULT_SUMMARY, ae.TIMESTAMP, lease.POOL_NAME, lease.LEASE_DN,
        lease.LEASE_EXPIRATION_TIME, lease.JUSTIFICATION, ae.COMMENTS,
        ae.TIMESTAMP2, ae.WORKFLOW_PROCESS_ID
      FROM AUDIT_EVENT ae
      LEFT OUTER JOIN AUDIT_MGMT_LEASE lease
        ON (ae.id = lease.event_id)
      LEFT OUTER JOIN SA_EVALUATION_CREDENTIAL cred
        ON (LOWER(ae.entity_dn) = LOWER(cred.DN))
      LEFT OUTER JOIN V_SA_EVALUATION_SERVICE service
        ON (LOWER(cred.service_dn) = LOWER(service.dn));
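
Before you configure the log source, you can confirm that the view is in place and returns audit data. The following statements are an added example and are not part of the IBM procedure. They assume that you are connected to the recorded database name as the Database Administrator ID, so that CURRENT SCHEMA resolves to that ID's schema.

```sql
-- 1. Confirm that the view exists in the administrator's schema and is usable.
--    VALID = 'Y' means DB2 can resolve every table and view it depends on.
SELECT VIEWSCHEMA, VIEWNAME, VALID
FROM SYSCAT.VIEWS
WHERE VIEWSCHEMA = CURRENT SCHEMA
  AND VIEWNAME   = 'V_PIM_AUDIT_EVENT';

-- 2. Spot-check the most recent audit events through the view.
--    An empty result on a system that is in use means the base tables
--    are not the ones the view was created over.
SELECT v.ID, v.EVENT_CATEGORY, v.ACTION, v.ENTITY_NAME, v.SERVICE_NAME,
       v.INITIATOR_NAME, v.RESULT_SUMMARY, v.TIMESTAMP
FROM V_PIM_AUDIT_EVENT v
ORDER BY v.ID DESC
FETCH FIRST 10 ROWS ONLY;

-- 3. List audit event IDs that the view returns more than once.
--    A repeated ID means one of the LEFT OUTER JOINs matched several
--    lease, credential, or service rows for the same audit event.
SELECT v.ID, COUNT(*) AS ROW_COUNT
FROM V_PIM_AUDIT_EVENT v
GROUP BY v.ID
HAVING COUNT(*) > 1
ORDER BY ROW_COUNT DESC
FETCH FIRST 20 ROWS ONLY;
```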