Configuring a secret server to access PAM (Privileged Access Management) data

Connect to a secret server so you can correlate PAM data with database events, and identify the user behind a Risk Event.

Before you begin

To see the various settings, open the main menu by clicking the main menu icon. Then select Integrations and select the IBM® Security Verify Privilege Vault card.

About this task

In a PAM solution, users must check out privileged accounts to use them. For example, a database administrator wants to update a table in a database. The user checks out the credentials from the PAM solution, and then uses them on the database. The PAM solution tracks who is using the credentials (who) and the time frame (when). Guardium® Insights can connect to a secret server and correlate PAM data with database events, and identify the potential threat actor.
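The correlation described above can be pictured with a short sketch. This is an added example, not Guardium Insights or secret server code; the record fields, sample data and the way the query time range is applied are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Checkout:               # one PAM check-out record (assumed fields)
    pam_user: str
    account: str
    start: datetime
    end: Optional[datetime]   # None: credential is still checked out

@dataclass(frozen=True)
class DbEvent:                # one audited database event (assumed fields)
    account: str
    when: datetime
    statement: str

def correlate(events, checkouts, now, query_range=timedelta(hours=2)):
    """Return [(event, [pam_user, ...])] for each database event.

    Only check-outs overlapping [now - query_range, now] are considered,
    modelling the PAM activity query time range (2 hours by default).
    An empty user list means no known check-out explains the event.
    """
    oldest = now - query_range
    recent = [c for c in checkouts if c.start <= now and (c.end or now) >= oldest]
    out = []
    for ev in events:
        users = sorted({c.pam_user for c in recent
                        if c.account == ev.account
                        and c.start <= ev.when <= (c.end or now)})
        out.append((ev, users))
    return out

def t(h, m):                  # helper for the constructed sample data below
    return datetime(2024, 5, 1, h, m)

NOW = t(12, 0)
CHECKOUTS = [                 # constructed sample check-outs
    Checkout("alice", "db_admin", t(10, 30), t(11, 0)),
    Checkout("bob", "db_admin", t(11, 15), None),
    Checkout("carol", "db_admin", t(8, 0), t(8, 30)),  # older than the range
]
EVENTS = [                    # constructed sample database events
    DbEvent("db_admin", t(10, 45), "UPDATE payroll SET ..."),
    DbEvent("db_admin", t(11, 30), "DROP TABLE audit_tmp"),
    DbEvent("db_admin", t(11, 5), "SELECT * FROM customers"),
    DbEvent("db_admin", t(8, 15), "GRANT ALL ON payroll TO app"),
]
if __name__ == "__main__":
    for ev, users in correlate(EVENTS, CHECKOUTS, NOW):
        print(ev.when.time(), ev.statement, "->", users or "no matching check-out")
```

In this sketch, the 11:05 event falls between two check-outs and the 08:15 event predates the query range, so neither is attributed to a user.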

Procedure

  1. After reading the About information, click Next.
  2. Enter a unique name for the integration in the Name field.
  3. Server URL: Enter the secret server IP address. The connection must use TLS, so the URL must start with HTTPS. For example,
    • https://your.company.com/SecretServer
    • https://your.company.com:8443/SecretServer
  4. Username: Secret server admin user or a user with the admin role.
  5. Password: Secret server admin password.
  6. Optional: Public SSL certificate: Enter the server certificate details (to learn how to obtain an SSL certificate, see Obtaining an SSL certificate).
  7. PAM activity query time range: Set the time range for queries to the Thycotic database. This is the time interval for which the secret server returns details of privileged account check-outs. The default is 2 hours.
  8. Include personal folders: Secrets are typically stored in common folders, but they can also be stored in personal folders. If this check box is selected, personal folders are included when checking for secrets.
  9. Click Finish.
  10. In the Authentication details tile, click Test connection to test the connection.

Results

The secret server connection can be used when you investigate Risk Events. For more information, see Viewing and managing a Risk Event.