Configuring Privileged Behavior Analytics With Privilege Manager
Delinea's Privileged Behavior Analytics (PBA) SaaS product can be integrated with Privilege Manager cloud instances.
For the integration to work correctly, you need a Delinea-enabled PBA instance, independent of your Privilege Manager instance.
To configure Privilege Manager with Privileged Behavior Analytics (PBA), you need to integrate the two systems. This involves the following:
PBA System Settings Details
You will need to retrieve the PBA System Settings details required for setting up the integration in Privileged Behavior Analytics.
- Navigate to the PBA Systems Settings page (/system_settings/).
- Use the Syslog URL and port information when setting up the SysLog Foreign System below. Use the Event Post Url and the X-API-Key when setting up the Send Application Events to PBA below.
Setting Up PBA Integration on Privileged Behavior Analytics
Required PBA resources are provided via Privilege Manager Configuration Feeds.
Downloading and Installing the PBA Config Feed
- In your Privilege Manager console, navigate to Admin | Config Feeds.
- Expand Privilege Manager Product Configuration Feeds.
- Expand Privilege Manager Core Solution.
- Install Privileged Behavior Analytics Integration.
After the installation, proceed to the foreign systems setup.
Setting up the PBA SysLog Foreign System
- In your Privilege Manager console, navigate to Admin | Config and select Foreign Systems.
- Select SysLog.
- Click Create.
- Enter a name and your SysLog server details.
- Click Create.
- Verify that your Protocol, Host, and Port match your SysLog server details (SysLog URL and SysLog Port from the PBA System Settings details).
Using the PBA Send Tasks
- In your Privilege Manager console, navigate to Admin | Tasks and from the folder tree select Server Tasks | Foreign Systems.
- Click PBA - SysLog.
- For Privilege Manager to send data based on any of these tasks, the PBA SysLog server you created as a foreign system needs to be added as the SysLog System ID. This can be done in either of these ways:
  - On Demand when running the task:
  - By setting up a schedule:
Repeat for each of the data sets you want to use in PBA.
Enable Send Application Events to PBA
The config feed installation also adds a remote scheduled client command for PBA to Privileged Behavior Analytics. The Send Application Events to PBA policy is disabled by default.
- In your Privilege Manager console, under your computer group, navigate to Scheduled Jobs.
- On the Scheduled Jobs page search for PBA and select Send Application Events to PBA.
- Under Job Settings, enter the PBA Event Post URL and X-API-Key details from the PBA system settings information.
- Modify the Job Schedule if customization is required.
- Customize any of the Job Conditions to better fit your implementation.
- Click Save Changes.
- Set the Inactive switch to Active.
- Next to Deployment, click the i icon and select the Resource and Collection Targeting Update task to run.
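The values copied from the PBA System Settings page are used in two places above: the SysLog foreign system (the Protocol, Host, and Port verification step) and the Job Settings of Send Application Events to PBA. The following pre-flight check is an added example, not part of the Delinea documentation or product. It assumes that the Syslog URL carries the protocol as its scheme and that the X-API-Key is sent along with requests to the Event Post URL; all hostnames, ports, paths, and keys are constructed placeholders.

```python
from urllib.parse import urlsplit

def _split(url, port=None):
    """Return (scheme, host, port) from a URL and an optional separate port field."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    return parts.scheme.lower(), host, int(port) if port is not None else parts.port

def check_pba_settings(pba, foreign_system):
    """Compare values copied from PBA with those entered in Privilege Manager."""
    problems = []
    # Assumption: the scheme of the Syslog URL is the value for the Protocol field.
    scheme, host, port = _split(pba["syslog_url"], pba["syslog_port"])
    if not host:
        problems.append("Syslog URL has no host part")
    if port is None or not 0 < port < 65536:
        problems.append("Syslog port is missing or out of range")
    entered = (foreign_system["protocol"].strip().lower(),
               foreign_system["host"].strip().rstrip(".").lower(),
               int(foreign_system["port"]))
    for name, want, got in zip(("Protocol", "Host", "Port"), (scheme, host, port), entered):
        if want != got:
            problems.append(f"{name} mismatch: PBA shows {want!r}, foreign system has {got!r}")
    # Assumption: the X-API-Key accompanies each request to the Event Post URL,
    # so a non-https URL would expose it in transit.
    ev_scheme, ev_host, _ = _split(pba["event_post_url"])
    if ev_scheme != "https" or not ev_host:
        problems.append("Event Post URL is not a well-formed https URL")
    key = pba["x_api_key"]
    if not key or key != key.strip():
        problems.append("X-API-Key is empty or has stray whitespace from copy and paste")
    return problems

# Constructed sample values (placeholders, not real PBA endpoints or keys).
PBA = {"syslog_url": "tcp://syslog.pba.example.invalid", "syslog_port": "6514",
       "event_post_url": "https://pba.example.invalid/placeholder-event-path",
       "x_api_key": "CONSTRUCTED-PLACEHOLDER-KEY"}
GOOD = {"protocol": "TCP", "host": "Syslog.PBA.example.invalid ", "port": 6514}
BAD = {"protocol": "udp", "host": "syslog.pba.example.invalid", "port": 514}

if __name__ == "__main__":
    for label, entry in (("good", GOOD), ("bad", BAD)):
        issues = check_pba_settings(PBA, entry)
        print(label, "->", issues or "settings are consistent")
```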