Integrating PIM with Guardium DAM

Privileged Information Management (PIM) helps organizations automate, track, and monitor the use of shared privileged identities.

About this task

Integrate PIM activity data with Guardium® Database Activity Monitoring (DAM) data to:
  • Provide visibility in the Guardium appliances to PIM data such as lease history (who used the shared accounts), credentials, and databases managed by PIM.
  • Provide DAM information correlated with PIM information. For example, Guardium can display the current database user along with actual requests that are issued by a specific user. This integration enables the use of both the database user and the actual PIM user that leased the shared ID.

The following diagram illustrates the integration.

Figure: PIM overview

Guardium patch (v10.1p103) can be used to install PIM integration functionality. PIM integration can be used on stand-alone Guardium systems and in federated environments.

Note: It is assumed that the PIM activity data is already implemented.

Procedure

  1. After you bring data to the Guardium system, select a data source and then in the Guardium UI, click Reports > Report Configuration Tool > Custom Table Builder.
  2. Locate and select the three predefined PIM tables, and schedule automatic data upload for each of them.
    If you use a Guardium Central Manager, click Manage > Central Manager > PIM Data Distribution to schedule data distribution from the Central Manager to all managed units.
  3. After data is brought to the managed units, run the following CLI command to enable correlation of PIM data with Guardium session data.
    store pim_correlation_mode
    Usage:
    store pim_correlation <state>
    where state is on/off.
    Show command:
    show pim_correlation_mode
  4. To run correlation, click Comply > Custom Reporting > PIM data correlation.
    You can view the correlated data through reports in the Access domain. For more information, see PIM Session Entity.
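
The correlation that this procedure enables can be pictured as a time-window join between PIM lease history and database sessions, so that a session opened with a shared ID is attributed to the person who held the lease. The following Python example is added here for illustration and is not Guardium or IBM code; the record layouts, field names, and sample values are constructed assumptions.

```python
from datetime import datetime

# Constructed sample records; field names are illustrative, not Guardium's schema.
LEASES = [
    {"pim_user": "alice", "shared_id": "dbadmin", "db": "ORCL1",
     "checkout": "2024-03-01T09:00:00", "checkin": "2024-03-01T10:00:00"},
    {"pim_user": "bob", "shared_id": "dbadmin", "db": "ORCL1",
     "checkout": "2024-03-01T10:30:00", "checkin": None},  # lease still open
]
SESSIONS = [
    {"session_id": 1, "db_user": "DBADMIN", "db": "ORCL1", "start": "2024-03-01T09:15:00"},
    {"session_id": 2, "db_user": "dbadmin", "db": "ORCL1", "start": "2024-03-01T10:10:00"},
    {"session_id": 3, "db_user": "dbadmin", "db": "ORCL1", "start": "2024-03-01T11:00:00"},
    {"session_id": 4, "db_user": "appsvc", "db": "ORCL1", "start": "2024-03-01T09:20:00"},
]

def _ts(value):
    return datetime.fromisoformat(value) if value else None

def correlate(sessions, leases):
    """Return (session_id, status, pim_user) for sessions that used a shared ID."""
    out = []
    for s in sessions:
        key = (s["db_user"].lower(), s["db"].lower())
        mine = [l for l in leases
                if (l["shared_id"].lower(), l["db"].lower()) == key]
        if not mine:
            continue  # account is not managed by PIM, nothing to correlate
        start = _ts(s["start"])
        active = [l["pim_user"] for l in mine
                  if _ts(l["checkout"]) <= start
                  and (l["checkin"] is None or start < _ts(l["checkin"]))]
        # One active lease: clean attribution. None: the shared ID was used
        # without a lease, which deserves review. Several: cannot attribute.
        if len(active) == 1:
            out.append((s["session_id"], "attributed", active[0]))
        else:
            out.append((s["session_id"], "ambiguous" if active else "no_lease", None))
    return out

if __name__ == "__main__":
    for row in correlate(SESSIONS, LEASES):
        print(row)
```

A session that falls outside every lease window (session 2 in the sample data) is the case worth alerting on, because the shared credential was used without a recorded checkout.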