11/4/2015
CyberArk University
Integrations
Objectives
▪ Understand how CyberArk integrates with other Enterprise Software.
▪ Understand Identity & Authentication functions in CyberArk.
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 1
SMTP Integration
Email integration is critical for monitoring vault activity and facilitating workflow
processes.
Prerequisites:
▪ Have the IP address of the SMTP gateway available.
▪ Ensure that any necessary firewall rules or ACLs allow communications from
the Vault Servers to the SMTP Gateway.
SMTP Setup
Confirmation Email
SNMP Integration
Purpose
We recommend not installing any third-party monitoring agents. CyberArk can
send status information to your monitoring solution using SNMP.
Prerequisites:
▪ Have IP Addresses of all servers that can accept SNMP traps available.
▪ Have Community String available.
SNMP Setup
▪ Configure Remote Control Agent
■ This service must be running in order to send SNMP traps.
▪ paragent.ini, defines:
■ Information to be sent via SNMP traps
■ Location of SNMP trap receiver
[MAIN]
RemoteStationIPAddress=10.0.0.3
UserCredentialsPath="C:\Program Files (x86)\PrivateArk\Server\ParAgent.pass"
RemoteAdminPort=9022
ExtensionComponentList="C:\Program Files (x86)\PrivateArk\Server\PARVaultAgent.dll,C:\Program Files (x86)\PrivateArk\Server\PARENEAgent.dll"
AllowedMonitoredServices="PrivateArk Database,CyberArk Logic Container"
SNMPTrapsThresholdCPU=200,90,3,30,YES
SNMPTrapsThresholdPhysicalMemory=200,90,3,30,YES
SNMPTrapsThresholdSwapMemory=200,90,3,30,YES
SNMPTrapsThresholdDiskUsage=200,85,3,30,YES
SNMPTrapsThresholdServiceStatus=200,3,30,YES
LogMessagesFilterRegexp=.*
ExludedLogMessagesFilterRegexp=(ITA|PARE|PADR|CAS).*I
SNMPHostIP=10.0.1.1
SNMPTrapPort=162
SNMPCommunity="public"
▪ Restart Remote Control Agent
SIEM Integration
SIEM Integration is a powerful way to correlate Privileged Account Usage
with Privileged Account Activity.
▪ Have IP addresses of all servers that can accept SYSLOG information
available.
▪ Have a resource from the team responsible for SYSLOG servers
available.
SIEM Setup
▪ We will be sending Audit log information to the SIEM.
▪ Rename one of the sample translator files
■ Translator files translate CyberArk logging format into the SIEM logging format
■ These five files will cover the most commonly deployed SIEM systems
▪ Add SYSLOG config to dbparm.ini
[MAIN]
TasksCount=20
DateFormat=DD.MM.YY
TimeFormat=HH:MM:SS
ResidentDelay=10
BasePort=1858
LogRetention=7
LockTimeOut=30
DaysForAutoClear=30
DaysForPicturesDistribution=Never
ClockSyncTolerance=600
…
AllowNonStandardFWAddresses=[10.0.0.3],Yes,3389:outbound/tcp,3389:inbound/tcp
ComponentNotificationThreshold=PIMProvider,Yes,30,1440;AppProvider,Yes,30,1440;OPMProvider,Yes,30,1440;CPM,Yes,720,1440;PVWA,Yes,90,1440;PSM,Yes,30,1440;DCAUser,Yes,60,2880;SFE,Yes,10,2880;FTP,Yes,60,2880;ENE,Yes,60,360
[BACKUP]
BackupKey=C:\PrivateArk\Keys\Backup.key
[CRYPTO]
SymCipherAlg=AES-256
ASymCipherAlg=RSA-2048
[SYSLOG]
SyslogTranslatorFile=Syslog\ArcSight.xsl
SyslogServerIP=10.0.255.222
SyslogServerPort=514
SyslogServerProtocol=UDP
SyslogMessageCodeFilter=0-999
SyslogSendBOMPrefix=NO
▪ Restart PrivateArk Server Service
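
Once the Vault is forwarding audit records, the receiving side has to parse what the translator emits. The parser below is an added example, not part of the CyberArk material; it assumes the ArcSight translator produces CEF records, and the sample lines, event IDs and extension keys are constructed for illustration.

```python
import re
from collections import Counter

HEADER = ("version", "vendor", "product", "device_version",
          "event_id", "name", "severity")
# Seven pipe-terminated header fields (backslash escapes allowed), then the extension.
_CEF = re.compile(r"CEF:" + r"((?:\\.|[^|\\])*)\|" * 7 + r"(.*)$")
_KEY = re.compile(r"(?:^|\s)(\w+)=")  # key at start or after a space; '\=' never matches

def _unescape(value):
    # CEF escapes: '\|', '\=', '\\' stand for the literal character, '\n' for a newline.
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)

def parse_cef(line):
    """Parse one syslog line carrying a CEF record; raise ValueError if there is none."""
    m = _CEF.search(line)
    if not m:
        raise ValueError("no complete CEF header in line")
    event = {k: _unescape(v) for k, v in zip(HEADER, m.groups())}
    ext = m.group(8)
    keys = list(_KEY.finditer(ext))
    for i, k in enumerate(keys):  # each value runs up to the next key
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        event[k.group(1)] = _unescape(ext[k.end():end].strip())
    return event

def activity_by_user(lines):
    """Count (user, action) pairs, skipping lines that are not CEF."""
    counts = Counter()
    for line in lines:
        try:
            ev = parse_cef(line)
        except ValueError:
            continue
        counts[(ev.get("suser", "?"), ev.get("act", ev["name"]))] += 1
    return counts

# Constructed sample lines (not captured from a Vault); IDs and fields are illustrative.
SAMPLE = [
    r"<5>Nov 04 10:15:02 VAULT01 CEF:0|Cyber-Ark|Vault|9.0|295|Retrieve password|5|act=Retrieve password suser=alice fname=Root\\linux01 shost=10.0.0.20",
    r"<5>Nov 04 10:16:40 VAULT01 CEF:0|Cyber-Ark|Vault|9.0|295|Retrieve password|5|act=Retrieve password suser=alice fname=Root\\db01 shost=10.0.0.20",
    r"<5>Nov 04 10:17:11 VAULT01 CEF:0|Cyber-Ark|Vault|9.0|7|Logon \| RADIUS|5|act=Logon suser=bob msg=method\=radius ok",
    "<5>Nov 04 10:17:12 VAULT01 heartbeat, not a CEF record",
]

if __name__ == "__main__":
    for pair, n in activity_by_user(SAMPLE).items():
        print(pair, n)
```
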
Two Factor Authentication
We recommend that users with access to highly sensitive accounts use
two-factor authentication for access to the vault.
▪ Have the IP addresses of all RSA or RADIUS servers available.
▪ Create host entries in RSA or RADIUS for all Vault servers.
▪ Have the “secret” that was used during host entry creation available.
RADIUS Setup
▪ While we support a variety of authentication methods, RADIUS is currently
the only method that is fully self-contained and integrates with the Vault at
the Vault level.
▪ Store Shared Secret on the Vault
▪ Add RADIUS configuration to dbparm.ini
[MAIN]
TasksCount=20
DateFormat=DD.MM.YY
TimeFormat=HH:MM:SS
ResidentDelay=10
BasePort=1858
LogRetention=7
LockTimeOut=30
DaysForAutoClear=30
DaysForPicturesDistribution=Never
ClockSyncTolerance=600
TraceArchiveMaxSize=5120
VaultEventNotifications=NotifyOnNewRequest,NotifyOnRejectRequest,NotifyOnConfirmRequestByAll,NotifyOnDeleteRequest
RecoveryPubKey=C:\PrivateArk\Keys\RecPub.key
ServerKey=C:\PrivateArk\Keys\Server.key
…
[BACKUP]
BackupKey=C:\PrivateArk\Keys\Backup.key
[CRYPTO]
SymCipherAlg=AES-256
ASymCipherAlg=RSA-2048
[SYSLOG]
SyslogTranslatorFile=Syslog\ArcSight.xsl
SyslogServerIP=10.0.255.222
SyslogServerPort=514
SyslogServerProtocol=UDP
SyslogMessageCodeFilter=0-999
SyslogSendBOMPrefix=NO
[RADIUS]
RadiusServersInfo=1.1.1.1;1812;vault01;radiussecret.dat
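
A pre-restart check for the settings shown on the SNMP, SIEM and RADIUS slides, as an added example that is not CyberArk's own tooling: it reads the SNMP keys from paragent.ini and the [SYSLOG] and [RADIUS] sections from dbparm.ini and reports weak or malformed values. The embedded files are constructed from the slide values, and the field order of RadiusServersInfo (ip;port;client name;secret file) is an assumption read off the example line.

```python
import configparser
import ipaddress
# Constructed samples: only the keys the checks read, with the slides' values.
PARAGENT_INI = """[MAIN]
SNMPHostIP=10.0.1.1
SNMPTrapPort=162
SNMPCommunity="public"
"""
DBPARM_INI = """[SYSLOG]
SyslogServerIP=10.0.255.222
SyslogServerPort=514
SyslogServerProtocol=UDP
[RADIUS]
RadiusServersInfo=1.1.1.1;1812;vault01;radiussecret.dat
"""

def _load(text):
    cp = configparser.ConfigParser(interpolation=None)  # keep '%' literal
    cp.read_string(text)
    return cp

def _endpoint_ok(ip, port):
    # True when ip parses as an IP address and port is in 1-65535.
    try:
        ipaddress.ip_address(ip.strip('"'))
        return 0 < int(port) < 65536
    except ValueError:
        return False

def audit(paragent_text, dbparm_text):
    """Return findings for the SNMP, SYSLOG and RADIUS settings."""
    out = []
    snmp = _load(paragent_text)["MAIN"]
    if not _endpoint_ok(snmp.get("SNMPHostIP", ""), snmp.get("SNMPTrapPort", "")):
        out.append("SNMP: trap receiver address or port is invalid")
    if snmp.get("SNMPCommunity", "").strip('"').lower() in ("public", "private"):
        out.append("SNMP: community string is a well-known default")
    db = _load(dbparm_text)
    if db.has_section("SYSLOG"):
        sl = db["SYSLOG"]
        if not _endpoint_ok(sl.get("SyslogServerIP", ""), sl.get("SyslogServerPort", "")):
            out.append("SYSLOG: server address or port is invalid")
        if sl.get("SyslogServerProtocol", "").upper() == "UDP":
            out.append("SYSLOG: UDP is unencrypted and may drop audit records")
    if db.has_section("RADIUS"):
        # Assumed field order, read off the slide: ip;port;client name;secret file
        f = db["RADIUS"].get("RadiusServersInfo", "").split(";")
        if len(f) != 4 or not all(f) or not _endpoint_ok(f[0], f[1]):
            out.append("RADIUS: expected ip;port;client-name;secret-file")
    return out
```

Run against the slide values, `audit(PARAGENT_INI, DBPARM_INI)` reports the default community string and the UDP transport; the RADIUS line parses cleanly.
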
▪ Restart PrivateArk Server Service
▪ Switch Users’ Authentication Method to RADIUS