
    IBM Security Privileged Identity Manager

    The JSA DSM for IBM® Security Privileged Identity Manager collects events from IBM® Security Privileged Identity Manager devices.

    The following table identifies the specifications for the IBM® Security Privileged Identity Manager DSM:

    Table 1: IBM Security Privileged Identity Manager DSM Specifications

    | Specification | Value |
    |---|---|
    | Manufacturer | IBM® |
    | DSM name | IBM® Security Privileged Identity Manager |
    | RPM file name | DSM-IBMSecurityPrivilegedIdentityManager-Qradar_version-build_number.noarch.rpm |
    | Supported versions | V2.0 |
    | Protocol | JDBC |
    | Recorded event types | Audit, Authentication, System |
    | Automatically discovered? | No |
    | Includes identity? | No |
    | Includes custom properties? | No |
    | More information | IBM Security Privileged Identity Manager website (http://www-03.ibm.com/software/products/en/pim/) |

    To collect events from IBM® Security Privileged Identity Manager, complete the following steps:

    1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:

      • JDBC Protocol RPM

      • IBM® Security Privileged Identity Manager DSM RPM

    2. Collect information from the IBM® Security Privileged Identity Manager web user interface.

    3. Add an IBM® Security Privileged Identity Manager log source on the JSA Console. The following table describes the parameters that require specific values for IBM® Security Privileged Identity Manager event collection:

      Table 2: IBM Security Privileged Identity Manager Log Source Parameters

      | Parameter | Value |
      |---|---|
      | Log Source type | IBM® Security Privileged Identity Manager |
      | Protocol Configuration | JDBC |
      | Log Source Identifier | <DATABASE@HOSTNAME> |
      | Database Type | DB2® |
      | Database Name | Must match the value in the Database name field in IBM® Security Privileged Identity Manager. |
      | IP or Hostname | Must match the value in the Hostname field in IBM® Security Privileged Identity Manager. |
      | Port | Must match the value in the Port field in IBM® Security Privileged Identity Manager. |
      | Username | Must match the value in the Database administrator ID field in IBM® Security Privileged Identity Manager. |
      | Predefined Query | None |
      | Table Name | DB2ADMIN.V_PIM_AUDIT_EVENT. Replace DB2ADMIN with the actual database schema name as identified in the Database Administrator ID parameter in IBM® Security Privileged Identity Manager. |
      | Select List | * |
      | Compare Field | TIMESTAMP |
      | Use Prepared Statements | Select this check box. |
      | Start Date and Time | Initial date/time for the JDBC retrieval. |
      | Polling Interval | 10 |
      | EPS Throttle | 20000 |

    Configuring IBM Security Privileged Identity Manager

    To configure a log source in JSA, you must record some information from IBM® Security Privileged Identity Manager.

    To communicate with JSA, the IBM® Security Privileged Identity Manager DB2® database must have incoming TCP connections enabled.

    1. Log in to IBM® Security Privileged Identity Manager.
    2. Click the Configure Privileged Identity Manager tab.
    3. In the Manage External Entities pane, select Database Server Configuration.
    4. Double-click the Identity data store row in the Database Server Configuration column.
    5. Record the values for the following parameters:
      • Host name

      • Port

      • Database name

      • Database Administrator ID

    6. To create a view in the IBM® Security Privileged Identity Manager DB2® database, in the same schema as identified in the Database Administrator ID parameter, run the following SQL statement:
      CREATE view V_PIM_AUDIT_EVENT 
      AS
      SELECT 
      ae.ID, ae.itim_event_category as event_category, ae.ENTITY_NAME, service.NAME service_name, 
      ae.ENTITY_DN, ae.ENTITY_TYPE, 
      ae.ACTION, ae.INITIATOR_NAME, ae.INITIATOR_DN, ae.CONTAINER_NAME, ae.CONTAINER_DN, 
      ae.RESULT_SUMMARY, ae.TIMESTAMP, 
      lease.POOL_NAME, lease.LEASE_DN, lease.LEASE_EXPIRATION_TIME, lease.JUSTIFICATION,
      ae.COMMENTS, ae.TIMESTAMP2, ae.WORKFLOW_PROCESS_ID
      FROM AUDIT_EVENT ae
      LEFT OUTER JOIN AUDIT_MGMT_LEASE lease ON (ae.id = lease.event_id)
      LEFT OUTER JOIN SA_EVALUATION_CREDENTIAL cred ON (LOWER(ae.entity_dn) = LOWER(cred.DN))
      LEFT OUTER JOIN V_SA_EVALUATION_SERVICE service ON (LOWER(cred.service_dn) = LOWER(service.dn));
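
After the view is created, a few read-only checks confirm that it lines up with the log source parameters in Table 2 before the log source is added. This is an added example, not part of the original guide: DB2ADMIN stands for your schema name as on the page, the timestamp literal is a constructed sample value, and query 5 only illustrates the idea of a compare field, not the exact statement JSA issues.

```sql
-- Added example (not from the guide). Run as the Database Administrator ID
-- in the DB2 command line processor. Replace DB2ADMIN with your schema name.

-- 1. The view exists in the expected schema and is valid (VALID = 'Y').
SELECT VIEWSCHEMA, VIEWNAME, VALID
  FROM SYSCAT.VIEWS
 WHERE VIEWSCHEMA = 'DB2ADMIN'
   AND VIEWNAME   = 'V_PIM_AUDIT_EVENT';

-- 2. The Compare Field column is present; note its data type.
SELECT COLNAME, TYPENAME, LENGTH
  FROM SYSCAT.COLUMNS
 WHERE TABSCHEMA = 'DB2ADMIN'
   AND TABNAME   = 'V_PIM_AUDIT_EVENT'
   AND COLNAME IN ('ID', 'TIMESTAMP');

-- 3. Event volume and time range, to pick a sensible Start Date and Time.
SELECT COUNT(*)         AS EVENTS,
       MIN(v.TIMESTAMP) AS OLDEST,
       MAX(v.TIMESTAMP) AS NEWEST
  FROM DB2ADMIN.V_PIM_AUDIT_EVENT v;

-- 4. Outer-join fan-out: an audit event ID that appears on more than one row
--    would be collected as repeated events. An empty result means none.
SELECT v.ID, COUNT(*) AS ROWS_PER_EVENT
  FROM DB2ADMIN.V_PIM_AUDIT_EVENT v
 GROUP BY v.ID
HAVING COUNT(*) > 1
 FETCH FIRST 10 ROWS ONLY;

-- 5. Illustration of an incremental read keyed on the compare field.
--    The literal is a constructed sample; match its format to the TYPENAME
--    reported by query 2.
SELECT v.ID, v.EVENT_CATEGORY, v.ACTION, v.INITIATOR_NAME,
       v.RESULT_SUMMARY, v.TIMESTAMP
  FROM DB2ADMIN.V_PIM_AUDIT_EVENT v
 WHERE v.TIMESTAMP > '2017-09-01 00:00:00'
 ORDER BY v.TIMESTAMP
 FETCH FIRST 5 ROWS ONLY;
```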

    Modified: 2017-09-13