Integrating with Privileged Behavior Analytics

Delinea's Privileged Behavior Analytics (PBA) SaaS product can be integrated with Privilege Manager cloud instances

For the integration to work correctly independent of your Privilege Manager instance, you need to have a Delinea enabled PBA instance.

Refer to the PBA Documentation for details on features and functionality of PBA.

PBA System Settings Details

You will need to retrieve the PBA System Settings details required for setting up the integration in Privilege Manager.

  1. Navigate to the PBA Systems Settings page (/system_settings/).

    system settings

  2. Use the Syslog URL and port information when setting up the SysLog Foreign System below. Use the Event Post Url and the X-API-Key when setting up the Send Application Events to PBA below.

Setting Up PBA Integration on Privilege Manager

Required PBA resources are provided via Privilege Manager Configuration Feeds.

Downloading and Installing the PBA Config Feed

  1. In you Privilege Manager console, navigate to Admin | Config Feeds.
  2. Expand Privilege Manager Product Configuration Feeds.
  3. Expand Thycotic Management Server Core.
  4. Install Privileged Behavior Analytics Integration.

After the install, proceed to the Foreign Systems setup.

Setting up the PBA SysLog Foreign System

  1. Navigate to Admin | Config and select Foreign Systems.

  2. Select SysLog.

  3. Click Create.

  4. Enter a name and your SysLog server details.

    pba 3

  5. Click Create.

  6. Verify that your Protocol, Host, and Port match your SysLog server details (SysLog URL and SysLog Port from the PBA System Settings details).

    pba 4

Using the PBA Send Tasks

  1. Navigate to Admin | Tasks and from the folder tree select Server Tasks | Foreign Systems.

  2. Click PBA - SysLog.

    pba 2

  3. For Privilege Manager to send data based on any of these task, the PBA SysLog server you created as a Foreign System above, needs to be added as the SysLog System ID. This can either be done

    • On Demand when running the task:

      1. Select a PBA Data Send tasks and click Run.

      2. Specify the SysLog System ID.

        pba 5

      3. Click Run Task.

    • By setting up a schedule:

      1. Select a PBA Data Send tasks and click View.

      2. Under Parameters specify the SysLog System ID.

      3. Define a Schedule, by clicking New Schedule

        pba 6

      4. Click Save Changes.

    Repeat for each of the data sets you want to use in PBA.

Enable Send Application Events to PBA

The config feeds installation also add a remote scheduled client command for PBA to Privilege Manager. The Send Application Events to PBA policy is by default disabled.

  1. Under your computer Group navigate to Scheduled Jobs.

  2. On the Scheduled Jobs page search for PBA and select Send Application Events to PBA.

    pba 7

    • Under Job Settings enter the PBA Event Post URL and X-API-Key details from the PBA system settings information.
    • Modify the Job Schedule if customization is required.
    • Customize any of the Job Conditions to better fit your implementation.

  3. Click Save Changes.

  4. Set the Inactive switch to Active.

  5. Next to Deployment click the i icon and select the Resource and Collection Targeting Update task to run.