PIM Integration with Guardium DAM

Privileged Information Management (PIM) helps organizations to automate and track the use of shared privileged identities and monitor the usage of these shared privileged identities.

The idea is to integrate PIM activity data with Guardium DAM data, in order to allow visibility to the actual user (person) that logged in to the database.

The diagram illustrates the integration.

PIM overview

The main purpose of this integration is:

  • Provide visibility in the Guardium appliances to PIM data such as Lease history (who used the shared accounts), credentials and databases managed by PIM.

  • Provide DAM information correlated with PIM information, for example, Guardium can show today's Database user along with actual requests issued by a specific user. This integration will allow use of both the Database user and the actual PIM user that leased the shared ID.

Installation

Guardium patch (v10.1p103) can be used to install PIM integration functionality. PIM integration can be used on standalone Guardium systems as well as in federated environments.

Note: It is assumed that the PIM activity data is already implemented.
Follow these steps
  1. Bring data to the Guardium system.

    Select a datasource and then select from the Guardium UI: Reports > Report Configuration Tool > Custom Table Builder.

    Locate and select three PIM predefined tables and, for each one of them, schedule Automatic Data Upload.

    Upload PIM tables to Guardium System

    Upload PIM tables to Guardium System

    If using a Guardium Central Manager, select from the Guardium UI: Manage > Central Manager > PIM Data Distribution. Do this to schedule data distribution from the Central Manager to all managed units.

  2. Once data is brought to the managed units, use this CLI command, store pim_correlation_mode, to enable correlation of PIM data with Guardium session data.

    CLI command

    store pim_correlation_mode

    Usage: store pim_correlation <state>

    where state is on/off. On is to enable and off is to disable.

    Show command

    show pim_correlation_mode

  3. To run correlation , select from the Guardium GUI:Comply > Custom Reporting > PIM data correlation.

    Correlated data can be seen through reports in Access domain

    PIM session in Access Domain

    PIM session in Access Domain