Integrate Passwordstate
EventTracker v9.x or above
Publication Date: May 20, 2019
Abstract
This guide provides instructions to configure Passwordstate to send Syslog to EventTracker Enterprise. Once Passwordstate is configured to send Syslog to the EventTracker manager, alerts and reports can be configured in EventTracker.
Scope
The configurations detailed in this guide are consistent with EventTracker Enterprise version 9.x and later, and with Passwordstate Enterprise Password Management.
Audience
Administrators who are responsible for monitoring Passwordstate using the EventTracker manager.
The information contained in this document represents the current view of Netsurion on the issues
discussed as of the date of publication. Because Netsurion must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Netsurion, and Netsurion
cannot guarantee the accuracy of any information presented after the date of publication.
This document is for informational purposes only. Netsurion MAKES NO WARRANTIES, EXPRESS OR
IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the
rights under copyright, this paper may be freely distributed without permission from Netsurion, if
its content is unaltered, nothing is added to the content and credit to Netsurion is provided.
Netsurion may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Netsurion, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
The example companies, organizations, products, people and events depicted herein are fictitious.
No association with any real company, organization, product, person or event is intended or should
be inferred.
© 2019 Netsurion. All rights reserved. The names of actual companies and products mentioned
herein may be the trademarks of their respective owners.
Table of Contents
Abstract
Scope
Audience
Passwordstate Enterprise Password Management
Prerequisites
Logging into the Passwordstate
Passwordstate Knowledge Pack
  Alerts
  Flex Reports
  Dashboards
Importing Passwordstate knowledge pack into EventTracker
  Alerts
  Templets
  Flex Reports
  Knowledge Objects
  Dashboards
Verifying Passwordstate knowledge pack in EventTracker
  Knowledge Object
  Templets
  Flex Reports
  Alerts
Passwordstate Enterprise Password Management
Passwordstate is an on-premise web-based solution for Enterprise Password Management, where teams of people can access and share sensitive password resources. Role-based administration and end-to-end event auditing provide a secure platform for password storage and collaboration. Many features are available in Passwordstate at no additional cost, e.g. Secure Password Vault, Account Discoveries, Account Heartbeats, Flexible Password Reset Engine, Remote Session Management, Scriptable API, Browser Extensions, Mobile Client, Compliance Reporting, Many 2FA Options, Auditing, and Email Alerts.
Prerequisites
• EventTracker v9.x should be installed.
• Passwordstate Enterprise Password Management application should be installed and configured.
• An exception should be added into the Windows Firewall on the EventTracker machine for Syslog port 514.
Configuring Passwordstate to send Syslog to EventTracker
Logging into the Passwordstate
1. Launch the Passwordstate login page.
2. Enter your User ID and Password to authenticate.
3. Click on Logon.
Figure 1
Enabling the Syslog Service
You can configure Passwordstate to send logs to a syslog server in addition to Elasticsearch in EventTracker.
Passwordstate will send all of its auditing data to one of your own internal Syslog servers. The Passwordstate Windows Service checks every minute for new data to send, keeps track of the latest auditing record that was successfully sent, and sends only subsequent records. Communication with Syslog servers can be over UDP or TCP, on the port number specified. If needed, you can also modify the date/time formatting of the messages sent to Syslog servers.
1. In Passwordstate (Form based authentication page) select ADMINISTRATION.
2. Select System Setting from the list under the Administration tab.
Figure 2
3. In System Setting, select the proxy and syslog servers tab.
Figure 3
4. Under the proxy and Syslog servers tab, complete the Syslog server details.
5. In the Syslog server tab, provide the EventTracker Manager’s IP address.
6. Provide the Port Number.
7. Select the Protocol type.
Figure 4
8. Click on Save and Close option.
Figure 5
Passwordstate Knowledge Pack
Alerts
• Passwordstate Failed Login: This Alert provides information related to login failure details.
Flex Reports
1. Passwordstate Password Management: This report provides information related to password management operations (password deleted, password added, password modified, etc.)
Figure 6
Sample Log:
May 10 12:01:21 XYZ123 2019-05-10 12:00:49 10.87.22.100 Passwordstate: adarsh (adarsh) updated mary 's (123) password for their account. Client IP Address = 10.22.87.100
2. Passwordstate Group Management: This report provides information related to security group management (new security group created, added, modified, removed, updated etc.)
Figure 7
Sample Log:
May 10 14:51:22 Test123 2019-05-10 14:50:35 10.212.33.90 Passwordstate: William (William) added the Local Security Group 'test2' to Passwordstate. Client IP Address = 10.90.212.33
3. Passwordstate Logon Activities: This report provides information related to login-logoff activities by users.
Figure 8
Sample Log:
May 13 16:48:51 ntpldtblr44 2019-05-13 16:48:39 10.22.87.100 Passwordstate: Manual logoff for UserID ''test1'' from the IP Address 10.22.87.100. Client IP Address = 10.22.87.100
May 10 10:20:21 ntpldtblr44 2019-05-10 10:20:12 10.22.87.100 Passwordstate: Successful Forms Based login for UserID 'adarsh' from the IP Address 10.22.87.100. Client IP Address = 10.28.100.39
4. Passwordstate Login Failure Activities: This report provides information related to login failures by users.
Figure 9
Sample Log:
Apr 09 03:15:17 stone5 Apr 09 03:15:26 10.22.55.68 Passwordstate: Failed 'Active Directory' login attempt for UserID 'contoso\john' from the IP Address '10.22.55.100'. Client IP Address = 10.22.55.100
May 14 16:18:07 ntpldtblr44 2019-05-14 16:17:23 10.22.55.100 Passwordstate: Failed 'Forms Based' login attempt for UserID 'adarsh' from the IP Address '10.22.55.100'. Client IP Address = 10.22.55.100
5. Passwordstate User Management: This report provides information related to user account management by administrator e.g. (new user added, deleted, account updated, account disabled, granted access etc.)
Figure 10
Sample Log:
May 10 15:00:23 ntpldtblr44 2019-05-10 14:59:53 172.28.100.240 Passwordstate: adarsh (adarsh) disabled the User Account 'pratik (test3)'. Client IP Address = 172.28.100.36
Dashboards
1. Passwordstate Activities:
Figure 11
2. Passwordstate Login Activities by Geo-location:
Figure 12
3. Passwordstate Login Activities by Users:
Figure 13
4. Passwordstate User Account Activity:
Figure 14
5. Passwordstate Document Modification by User:
Figure 15
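As an added example (not part of the original guide or of the EventTracker knowledge pack), the Python code below parses failed-login messages in the layout of the sample logs in the Flex Reports section and flags any client IP with repeated failures inside a short window, the condition an analyst would look for behind the Passwordstate Failed Login alert. The log lines, the threshold, the window and the default year used for yearless timestamps are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout taken from the guide's failed-login sample logs; the inner timestamp
# appears there both as "2019-05-14 16:17:23" and yearless as "Apr 09 03:15:26".
FAILED = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d|[A-Z][a-z]{2} \d\d \d\d:\d\d:\d\d) \S+ "
    r"Passwordstate: Failed '(?P<method>[^']+)' login attempt for UserID "
    r"'(?P<user>[^']+)' from the IP Address '(?P<src>[^']+)'")

def parse_failed_login(line, default_year=2019):
    """Return time/method/user/src for a failed-login line, else None."""
    m = FAILED.search(line)
    if not m:
        return None
    ts = m["ts"]
    if ts[0].isdigit():
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
    else:  # yearless form: the year is an assumption supplied by the caller
        when = datetime.strptime(f"{default_year} {ts}", "%Y %b %d %H:%M:%S")
    return {"time": when, "method": m["method"], "user": m["user"], "src": m["src"]}

def repeated_failures(lines, threshold=3, window=timedelta(minutes=5)):
    """Map each client IP with >= threshold failures inside window to the users tried."""
    by_src = defaultdict(list)
    for ev in filter(None, map(parse_failed_login, lines)):
        by_src[ev["src"]].append(ev)
    flagged = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["time"])
        for i in range(len(events) - threshold + 1):
            if events[i + threshold - 1]["time"] - events[i]["time"] <= window:
                flagged[src] = sorted({e["user"] for e in events})
                break
    return flagged

# Constructed sample lines (not from a real system), in the guide's log layout.
_H = "May 14 16:20:00 host1 "
_F = "10.0.0.5 Passwordstate: Failed '{}' login attempt for UserID '{}' from the IP Address '{}'. Client IP Address = {}"
SAMPLE = [
    _H + "2019-05-14 16:17:23 " + _F.format("Forms Based", "alice", "10.0.0.9", "10.0.0.9"),
    _H + "2019-05-14 16:17:50 " + _F.format("Forms Based", "bob", "10.0.0.9", "10.0.0.9"),
    _H + "2019-05-14 16:19:10 " + _F.format("Active Directory", "corp\\carol", "10.0.0.9", "10.0.0.9"),
    _H + "2019-05-14 16:19:40 10.0.0.5 Passwordstate: Successful Forms Based login for UserID 'dave' from the IP Address 10.0.0.7. Client IP Address = 10.0.0.7",
    _H + "May 14 16:29:55 " + _F.format("Forms Based", "dave", "10.0.0.7", "10.0.0.7"),
]
if __name__ == "__main__":
    print(repeated_failures(SAMPLE))
```

One source failing against several different UserIDs within the window is worth triaging separately from a single user mistyping a password, which is why the result lists the users tried per client IP.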
Importing Passwordstate knowledge pack into EventTracker
• Alerts
• Templets
• Flex Reports
• Knowledge Objects
• Dashlets
Alerts
1. Launch the EventTracker Control Panel.
2. Double click Export-Import Utility.
Figure 16
3. Click the Import tab.
4. Select the Alert option.
5. Click on Browse button and select file path.
6. Click on Import.
Figure 17
7. Alerts are now imported successfully.
Figure 18
Templets
1. Log in to the EventTracker console.
2. Click on the Admin option in the EventTracker Manager Page.
3. Select Parsing Rules.
Figure 19
4. Select Templet and click on the import icon.
Figure 20
5. Browse Passwordstate Templet files.
Figure 21
6. Select all Passwordstate Template names.
7. Click on the Import button.
Figure 22
8. Templets imported successfully.
Figure 23
Flex Reports
On EventTracker Control Panel,
1. Click the Reports option and select new (.etcrx) from the options.
Figure 24
2. Locate the file named Reports_ Passwordstate.etcrx and select all the checkboxes.
Figure 25
3. Click the Import button to import the reports. EventTracker displays a success message.
Figure 26
Knowledge Objects
1. Log in to the EventTracker console.
2. Click on Knowledge objects under the Admin option in the EventTracker manager page.
Figure 27
3. Locate the file named KO_Passwordstate.etko
Figure 28
4. Now select all the checkboxes and then click on the ‘Upload’ option.
5. Knowledge objects are now imported successfully.
Figure 29
Dashboards
1. Open EventTracker Enterprise in the browser and log in.
Figure 30
2. Navigate to My Dashboard.
3. Click on the Import configuration icon on the top right corner.
4. In the popup window, browse to the file named Dashboard_Passwordstate.etwd
Figure 31
5. Now select all the checkboxes and then click on the Import option.
Figure 32
6. Click ‘customize’ to locate and choose created dashlets.
7. Click Add to add Dashlets to the dashboard.
Figure 33
Verifying Passwordstate knowledge pack in EventTracker
Knowledge Object
1. In the EventTracker Enterprise web interface, click the Admin drop-down, and then click Knowledge Objects.
2. In the Knowledge Object tree, expand the Passwordstate group folder to view the imported Knowledge objects.
Figure 34
Templets
1. In the EventTracker Enterprise web interface, click the Admin drop-down, and then click Parsing Rules.
Figure 35
2. Select Templet and find the Passwordstate Group.
3. Click on the Passwordstate Group to see all the Templets.
Figure 36
Flex Reports
1. In the EventTracker Enterprise web interface, click the Reports icon, and then select the Report Configuration.
Figure 37
2. In Reports Configuration pane, select a defined option.
3. Click on the Passwordstate group folder to view the imported Passwordstate reports.
Figure 38
Alerts
1. In the EventTracker Enterprise web interface, click the Admin icon, and then select Alerts.
Figure 39
2. In the Alert search bar, we can search the alert name and view the imported Passwordstate Alerts.
Figure 40