PIM Integration with Guardium DAM
Privileged Information Management (PIM) helps organizations automate, track, and monitor the use of shared privileged identities.
The idea is to integrate PIM activity data with Guardium DAM data, so that the actual user (person) who logged in to the database is visible.
The diagram illustrates the integration.
The main purposes of this integration are:
Provide visibility in the Guardium appliances to PIM data such as lease history (who used the shared accounts), credentials, and databases managed by PIM.
Provide DAM information correlated with PIM information. For example, Guardium can show today's database user along with the actual requests issued by a specific user. This integration allows use of both the database user and the actual PIM user who leased the shared ID.
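The following added example is not IBM's code and does not reflect Guardium's internal logic. It shows the correlation idea described above: PIM lease records are matched to DAM sessions on shared account, database and time window, and sessions that no single lease explains are set aside for review. All field names and sample records are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data; field names are assumptions, not Guardium's or PIM's schema.
LEASES = [  # PIM lease history: who checked out which shared account, and when
    {"pim_user": "alice", "db_user": "APPDBA", "database": "ORCL1",
     "checkout": "2024-05-01 09:00", "checkin": "2024-05-01 10:00"},
    {"pim_user": "bob", "db_user": "APPDBA", "database": "ORCL1",
     "checkout": "2024-05-01 10:05", "checkin": "2024-05-01 11:00"},
]
SESSIONS = [  # DAM sessions: only the shared database user is visible
    {"session_id": 1, "db_user": "APPDBA", "database": "ORCL1", "start": "2024-05-01 09:15"},
    {"session_id": 2, "db_user": "APPDBA", "database": "ORCL1", "start": "2024-05-01 10:30"},
    {"session_id": 3, "db_user": "APPDBA", "database": "ORCL1", "start": "2024-05-01 23:40"},
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def correlate(sessions, leases):
    """Attach the leasing PIM user to each session of a shared account.

    A session matches a lease when account and database are equal (compared
    case-insensitively, an assumption of this example) and the session started
    inside the lease window. Zero matches or more than one match yields
    pim_user=None so the session is reviewed rather than guessed at.
    """
    results = []
    for s in sessions:
        start = _ts(s["start"])
        matches = [lease["pim_user"] for lease in leases
                   if lease["db_user"].lower() == s["db_user"].lower()
                   and lease["database"].lower() == s["database"].lower()
                   and _ts(lease["checkout"]) <= start <= _ts(lease["checkin"])]
        owner = matches[0] if len(matches) == 1 else None
        results.append({**s, "pim_user": owner, "lease_matches": len(matches)})
    return results

def unattributed(correlated):
    """Session ids on a shared account that no single lease explains."""
    return [r["session_id"] for r in correlated if r["pim_user"] is None]

if __name__ == "__main__":
    for row in correlate(SESSIONS, LEASES):
        print(row["session_id"], row["db_user"], row["pim_user"] or "NO LEASE")
```

Session 3 uses the shared account outside any lease window, which is the case a reviewer would want surfaced: the account was used without a recorded checkout.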
- Installation
Guardium patch (v10.1p103) can be used to install PIM integration functionality. PIM integration can be used on standalone Guardium systems as well as in federated environments.
Note: It is assumed that the PIM activity data is already implemented.
- Follow these steps
Bring data to the Guardium system.
Select a datasource and then select from the Guardium UI:
Locate and select the three predefined PIM tables and, for each one of them, schedule Automatic Data Upload.
Upload PIM tables to Guardium System
If using a Guardium Central Manager, select from the Guardium UI:
Do this to schedule data distribution from the Central Manager to all managed units.
Once data is brought to the managed units, use the CLI command store pim_correlation_mode to enable correlation of PIM data with Guardium session data.
CLI command
store pim_correlation_mode
Usage: store pim_correlation <state>
where state is on or off: on enables correlation and off disables it.
Show command
show pim_correlation_mode
To run correlation, select from the Guardium GUI:
Correlated data can be seen through reports in the Access domain.
PIM session in Access Domain