Auditing and Monitoring Integration with Delinea Platform

This feature is currently available only to customers participating in a private preview. To join the preview and be among the first to try this feature, ask our support or account team for details.

This page describes the procedures you need to follow to install, configure, and use the Audit Collector to upload session recordings and activity to the Delinea Platform. In this way, you can store and view user sessions in the Delinea Platform instead of a local storage database.

Setting Up Platform Engine and Audit Collector

This section describes how to set up the Delinea Platform Engine and Audit Collector, both required to send recorded sessions to the Delinea Platform.

You need to create a service account for the Audit Collector. The Audit Collector needs this account to create the AD audit store objects. After the AD audit store objects are created, the service account is no longer needed. For more information about the permissions the Audit Collector requires, see Audit Collector Account Permissions.

Part of the procedure involves enabling the Audit Collector's Share Secret setting. For more information about secrets, see Using Secrets on the Platform.

The procedure varies depending on whether you are performing a new Platform Engine installation or adding the Audit Collector to an existing Platform Engine installation.

To perform a new Platform Engine installation:

  1. Open the Engine Management page (use the Search bar to find it).

  2. If a new site is required:

    1. Click Create site.

    2. Give the new site a name and click Save.

      The new site appears in the Sites list.

  3. Click the site and select the Settings tab.

  4. In the Audit Collector section, click Edit and make the following settings:

    1. Ensure the Session Recording checkbox is selected.

    2. Select Vaulted Account.

    3. Select Turn off folder inheritance and Share Secret.

    4. Click Save.

  5. Select the Engines tab and click Add engine. Make the following settings:

    1. In Operating system, select Windows.

    2. In Capabilities, select Audit Collector.

  6. Click Generate script.

  7. Click Copy script to the clipboard.

  8. On the machine where you are installing the Audit Collector, open PowerShell as Administrator.

  9. Paste the script that you copied earlier and run it.

  10. Wait for the engine to download, install, and register in the platform.

To add Audit Collector to an existing Platform Engine installation:

  1. Open the Engine Management page (use the Search bar to find it).

  2. Select the site with the engine where you want to add the collector.

  3. Select the Settings tab.

  4. In the Audit Collector section, click Edit and make the following settings:

    1. Ensure the Session Recording checkbox is selected.

    2. Select Vaulted Account.

    3. Select Turn off folder inheritance and Share Secret.

    4. Click Save.

  5. Select the Engines tab and choose the engine.

  6. Select the Capabilities tab.

  7. Select Add Capabilities, then Audit Collector.

  8. Wait for the Audit Collector capability to appear in the Workloads tab.

Configuring Agents to Use the Platform

To route audited sessions to the Delinea Platform, you must configure agents to use the platform. The procedure depends on your operating system.

To configure a Linux agent:

  1. Log in to the endpoint with an account that has the permissions to change the audit installation.

  2. With root permissions, run the following commands:

    daflush
    dacontrol -i DelineaPlatformAudit
    dareload
    dainfo

  3. Check that the agent has found the new collector and is communicating with it. The following command shows the status of the audit agent:

    dainfo

    The output of this command should be similar to the following:

    Pinging adclient: adclient is available
    Daemon status:    Online
    Current installation: 'DelineaPlatformAudit' (configured locally)
    Current collector: ENGINE:HOST
    Session offline store size:     83.00 Bytes
    Despool rate:                   0.00 Bytes/second
    Audit trail offline store size: 0.00 Bytes
    Getting offline database information:
       Size on disk: 9.50 KB
       Database filesystem use: 2.40 GB used, 16.93 GB total, 14.52 GB free
    DirectAudit NSS module: Active
    DirectAudit advanced monitoring: Disabled
    DirectAudit desktop monitoring: Disabled

    Troubleshooting: If the DelineaPlatformAudit installation is not shown in the output, run dareload again.

Audited sessions are now being sent to the Delinea Platform.
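
The step 3 check can be scripted so that a misrouted agent is caught during rollout. The following is an added example, not part of Delinea's tooling: the function name, the return codes, and the treatment of an empty "Current collector" value as a failure are assumptions of this example, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: validate dainfo output after switching a Linux agent to the
# DelineaPlatformAudit installation. Reads dainfo text on stdin.
# Return codes (this example's own convention):
#   0 = healthy, 1 = daemon not online,
#   2 = wrong or missing installation, 3 = no collector reported
EXPECTED_INSTALLATION="DelineaPlatformAudit"

check_dainfo() {
    out=$(cat)
    # Pull each field's value; tolerate leading indentation and trailing blanks.
    daemon=$(printf '%s\n' "$out" | sed -n -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*Daemon status:[[:space:]]*//p' | head -n 1)
    install=$(printf '%s\n' "$out" | sed -n \
        "s/^[[:space:]]*Current installation:[[:space:]]*'\([^']*\)'.*/\1/p" | head -n 1)
    collector=$(printf '%s\n' "$out" | sed -n -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*Current collector:[[:space:]]*//p' | head -n 1)

    if [ "$daemon" != "Online" ]; then
        echo "FAIL: audit daemon status is '${daemon:-unknown}'" >&2
        return 1
    fi
    if [ "$install" != "$EXPECTED_INSTALLATION" ]; then
        # Matches the troubleshooting note above: reload and check again.
        echo "FAIL: installation is '${install:-none}'; run dareload again" >&2
        return 2
    fi
    if [ -z "$collector" ]; then
        # Assumption: a missing or empty value means no collector is bound.
        echo "FAIL: no current collector reported" >&2
        return 3
    fi
    echo "OK: $install via $collector"
}

# Constructed sample, modelled on the dainfo output shown above.
sample_ok() {
    cat <<'EOF'
    Pinging adclient: adclient is available
    Daemon status:    Online
    Current installation: 'DelineaPlatformAudit' (configured locally)
    Current collector: ENGINE:HOST
EOF
}

# On a real endpoint, as root: dainfo | check_dainfo
sample_ok | check_dainfo
```

A non-zero exit code can gate a configuration-management run, so an endpoint that is still spooling to the old installation is flagged rather than silently left unaudited on the platform.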

To configure a Windows agent:

  1. Log in to the Windows server with local administrator rights.

  2. Open the Delinea Agent Configuration.

  3. Select the Auditing and Monitoring Service.

  4. Select Settings.

  5. Select Configure.

  6. In Color Quality, click Next.

  7. In Offline Location, click Next.

  8. In Setup DirectAudit Installation, select DelineaPlatformAudit.

  9. Click Next.

  10. Click Finish.

Audited sessions are now being sent to the Delinea Platform.