Integrating ArcSight SIEM with Cloud Suite
ArcSight SIEM is a comprehensive security information and event management platform that collects, analyzes, and correlates security events from various sources. It provides real-time monitoring, threat detection, incident response, and compliance reporting capabilities.
The integration between Delinea Cloud Suite Privileged Access Management (PAS) and ArcSight SIEM enhances an organization's ability to monitor and respond to privileged-access security events. It provides a centralized view of privileged access activity, improves incident detection and response, and supports compliance efforts.
Integration Keynotes:
- Event Collection: Delinea Cloud Suite generates PAM events such as privileged account logins, privilege elevation requests, password checkouts, and privileged session activity. These events capture the details of privileged access activity within Delinea Cloud Suite Privileged Access Management (PAS).
- Event Forwarding: Delinea Cloud Suite forwards the PAM events to the ArcSight SIEM platform. This can be done using industry-standard protocols such as Syslog (sent over TLS, since plain UDP Syslog is neither encrypted nor reliable), typically carrying events in Common Event Format (CEF), ArcSight's native event format, or by using dedicated connectors or agents provided by Centrify (now Delinea) and ArcSight.
- Event Parsing and Normalization: ArcSight SIEM parses and normalizes the incoming PAM events from Delinea Cloud Suite. It extracts relevant information such as event type, timestamp, user identity, source IP, and action details, so that the data is in a standardized format for further analysis and correlation.
- Event Correlation and Analysis: ArcSight SIEM correlates the Delinea Cloud Suite events with security events from other sources, such as firewalls, intrusion detection systems (IDS), and endpoint protection solutions. This correlation helps identify potential security incidents, patterns of behavior, and threats related to privileged access.
- Real-time Monitoring and Alerting: ArcSight SIEM provides real-time monitoring to detect and alert on suspicious activity or policy violations in Delinea Cloud Suite events. Security teams can define rules and thresholds that trigger alerts on specific conditions, allowing for timely incident response.
- Incident Investigation and Response: ArcSight SIEM offers investigation and analysis tools that support incident response. Security teams can drill down into Delinea Cloud Suite events, correlate them with other relevant security events, and perform forensic analysis to understand the scope and impact of a potential incident.
- Compliance Reporting: The integration between Delinea Cloud Suite and ArcSight SIEM supports compliance reporting by providing centralized visibility into privileged access events. Organizations can generate customized reports and audit trails to demonstrate compliance with regulatory standards and internal policies.
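The parsing-and-normalization and threshold-alerting steps above, as an added example that is not code from Delinea or ArcSight: it parses Syslog lines carrying CEF payloads (honouring the CEF escaping rules for `|` in the header and `=` in extension values), normalizes them to the fields the text lists (event type, timestamp, user, source IP, action), and runs a sliding-window rule that fires when one user checks out three passwords within two minutes. The vendor and product strings, the event class IDs (`login`, `checkout`, `elevate`), the extension keys, and the log lines are constructed for illustration and are not Delinea Cloud Suite's real event schema.

```python
"""Parse Syslog-wrapped CEF events and run a threshold rule over them.

Added example, not Delinea's or ArcSight's code. Event names, extension keys
and the sample log lines are constructed; they are not the real PAS schema.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Constructed sample: Syslog lines carrying CEF payloads. Line 4 has an escaped
# '=' in a value and line 6 an escaped '|' in the header Name field.
SAMPLE_SYSLOG = r"""
<134>Jun 10 12:00:01 pas01 CEF:0|Delinea|CloudSuite|1.0|login|Privileged login|3|rt=1686398401000 suser=alice src=10.1.2.3 outcome=success
<134>Jun 10 12:00:10 pas01 CEF:0|Delinea|CloudSuite|1.0|checkout|Password checkout|5|rt=1686398410000 suser=alice src=10.1.2.3 duser=root dhost=db01
<134>Jun 10 12:00:25 pas01 CEF:0|Delinea|CloudSuite|1.0|checkout|Password checkout|5|rt=1686398425000 suser=alice src=10.1.2.3 duser=root dhost=db02
<134>Jun 10 12:00:40 pas01 CEF:0|Delinea|CloudSuite|1.0|checkout|Password checkout|5|rt=1686398440000 suser=alice src=10.1.2.3 duser=admin dhost=web\=prod
<134>Jun 10 12:01:00 pas01 CEF:0|Delinea|CloudSuite|1.0|checkout|Password checkout|5|rt=1686398460000 suser=bob src=10.1.2.9 duser=root dhost=db01
<134>Jun 10 12:05:00 pas01 CEF:0|Delinea|CloudSuite|1.0|elevate|Privilege elevation\|sudo|4|rt=1686398700000 suser=alice src=10.1.2.3 msg=sudo su - root
"""

# Extension keys are alphanumeric and always preceded by start-of-text or a space.
_EXT_KEY = re.compile(r'(?:^|\s)([A-Za-z0-9_]+)=')


def _split_header(text: str, n: int) -> List[str]:
    """Split the first n '|'-delimited CEF header fields, honouring the
    '\\|' and '\\\\' escapes, and return them plus the remaining extension."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < n:
        ch = text[i]
        if ch == '\\' and i + 1 < len(text) and text[i + 1] in '|\\':
            cur.append(text[i + 1])
            i += 2
            continue
        if ch == '|':
            fields.append(''.join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append(text[i:])  # whatever is left is the extension
    return fields


def _unescape_value(raw: str) -> str:
    """CEF extension values escape '=' and '\\'; '\\n' denotes a newline."""
    return re.sub(r'\\(.)', lambda m: '\n' if m.group(1) == 'n' else m.group(1), raw)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Split 'key=value key=value' where values may contain spaces."""
    out = {}
    keys = list(_EXT_KEY.finditer(ext))
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape_value(ext[m.end():end])
    return out


def parse_syslog_cef(line: str) -> Dict:
    """Locate the CEF payload in a Syslog line and normalize it."""
    idx = line.find('CEF:')
    if idx < 0:
        raise ValueError('no CEF payload in line: %r' % line)
    parts = _split_header(line[idx:], 7)
    if len(parts) != 8:
        raise ValueError('malformed CEF header: %r' % line)
    _version, vendor, product, _dev_ver, class_id, name, severity, ext = parts
    fields = _parse_extension(ext)
    # Normalized record: the fields a SIEM keys correlation and rules on.
    return {
        'event_type': class_id,
        'timestamp': datetime.fromtimestamp(int(fields['rt']) / 1000, tz=timezone.utc),
        'user': fields.get('suser'),
        'src': fields.get('src'),
        'action': name,
        'severity': int(severity),
        'vendor': vendor,
        'product': product,
        'extras': {k: v for k, v in fields.items() if k not in ('rt', 'suser', 'src')},
    }


def parse_events(text: str) -> List[Dict]:
    return [parse_syslog_cef(l) for l in text.splitlines() if l.strip()]


def checkout_burst_alerts(events: List[Dict], threshold: int = 3,
                          window: timedelta = timedelta(minutes=2)) -> List[Dict]:
    """Threshold rule: alert when one user reaches `threshold` password
    checkouts inside a sliding `window`; one alert per burst."""
    recent = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e['timestamp']):
        if ev['event_type'] != 'checkout':
            continue
        q = recent[ev['user']]
        q.append(ev['timestamp'])
        while q and ev['timestamp'] - q[0] > window:
            q.pop(0)
        if len(q) >= threshold:
            alerts.append({'user': ev['user'], 'src': ev['src'],
                           'count': len(q), 'at': ev['timestamp']})
            q.clear()
    return alerts


if __name__ == '__main__':
    evs = parse_events(SAMPLE_SYSLOG)
    for a in checkout_burst_alerts(evs):
        print('ALERT: %(user)s from %(src)s made %(count)d checkouts by %(at)s' % a)
```

In a real deployment the parsing is done by the ArcSight connector and the rule by the correlation engine; the point of the example is to show what the normalized record looks like and why the SIEM needs it in that shape before a per-user threshold can be evaluated.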