06 PAS Essentials Integrations

Uploaded by

groovyder-1

11/4/2015

CyberArk University
Integrations

Objectives

▪ Understand how CyberArk integrates with other Enterprise Software.


▪ Understand Identity & Authentication functions in CyberArk.

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 1
SMTP Integration

Email integration is critical for monitoring vault activity and facilitating workflow
processes.
Prerequisites:
▪ Have the IP address of the SMTP Gateway Available.
▪ Ensure that any necessary firewall rules or ACLs allow communications from
the Vault Servers to the SMTP Gateway.

SMTP Setup

Confirmation Email

SNMP Integration

Purpose

We recommend not installing any third-party monitoring agents. CyberArk can
send status information to your monitoring solution using SNMP.

Prerequisites:
▪ Have IP Addresses of all servers that can accept SNMP traps available.
▪ Have Community String available.

SNMP Setup
▪ Configure Remote Control Agent
■ This service must be running in order to send SNMP traps.

▪ paragent.ini, defines:
■ Information to be sent via SNMP traps
■ Location of SNMP trap receiver

[MAIN]
RemoteStationIPAddress=10.0.0.3
UserCredentialsPath="C:\Program Files (x86)\PrivateArk\Server\ParAgent.pass"
RemoteAdminPort=9022
ExtensionComponentList="C:\Program Files (x86)\PrivateArk\Server\PARVaultAgent.dll,C:\Program Files (x86)\PrivateArk\Server\PARENEAgent.dll"
AllowedMonitoredServices="PrivateArk Database,CyberArk Logic Container"
SNMPTrapsThresholdCPU=200,90,3,30,YES
SNMPTrapsThresholdPhysicalMemory=200,90,3,30,YES
SNMPTrapsThresholdSwapMemory=200,90,3,30,YES
SNMPTrapsThresholdDiskUsage=200,85,3,30,YES
SNMPTrapsThresholdServiceStatus=200,3,30,YES
LogMessagesFilterRegexp=.*
ExludedLogMessagesFilterRegexp=(ITA|PARE|PADR|CAS).*I
SNMPHostIP=10.0.1.1
SNMPTrapPort=162
SNMPCommunity="public"

▪ Restart Remote Control Agent

SIEM Integration

SIEM Integration is a powerful way to correlate Privileged Account Usage
with Privileged Account Activity.
▪ Have IP addresses of all servers that can accept SYSLOG information
available.
▪ Have a resource from the team responsible for SYSLOG servers
available.

SIEM Setup

▪ We will be sending Audit log information to the SIEM.


▪ Rename one of the sample translator files
■ Translator files translate CyberArk logging format into the SIEM logging format
■ These five files will cover the most commonly deployed SIEM systems

▪ Add SYSLOG config to dbparm.ini


[MAIN]
TasksCount=20
DateFormat=DD.MM.YY
TimeFormat=HH:MM:SS
ResidentDelay=10
BasePort=1858
LogRetention=7
LockTimeOut=30
DaysForAutoClear=30
DaysForPicturesDistribution=Never
ClockSyncTolerance=600

AllowNonStandardFWAddresses=[10.0.0.3],Yes,3389:outbound/tcp,3389:inbound/tcp
ComponentNotificationThreshold=PIMProvider,Yes,30,1440;AppProvider,Yes,30,1440;OPMProvider,Yes,30,1440;CPM,Yes,720,1440;PVWA,Yes,90,1440;PSM,Yes,30,1440;DCAUser,Yes,60,2880;SFE,Yes,10,2880;FTP,Yes,60,2880;ENE,Yes,60,360
[BACKUP]
BackupKey=C:\PrivateArk\Keys\Backup.key
[CRYPTO]
SymCipherAlg=AES-256
ASymCipherAlg=RSA-2048
[SYSLOG]
SyslogTranslatorFile=Syslog\ArcSight.xsl
SyslogServerIP=10.0.255.222
SyslogServerPort=514
SyslogServerProtocol=UDP
SyslogMessageCodeFilter=0-999
SyslogSendBOMPrefix=NO

▪ Restart PrivateArk Server Service

Two Factor Authentication

We recommend that users with access to highly sensitive accounts use
two-factor authentication for access to the vault.
▪ Have the IP addresses of all RSA or RADIUS servers available.
▪ Create host entries in RSA or RADIUS for all Vault servers.
▪ Have the “secret” that was used during host entry creation available.

RADIUS Setup

▪ While we support a variety of authentication methods, RADIUS is currently
the only method that is fully self-contained and integrates with the Vault at
the Vault level.
▪ Store Shared Secret on the Vault

▪ Add Radius Configuration to dbparm.ini


[MAIN]
TasksCount=20
DateFormat=DD.MM.YY
TimeFormat=HH:MM:SS
ResidentDelay=10
BasePort=1858
LogRetention=7
LockTimeOut=30
DaysForAutoClear=30
DaysForPicturesDistribution=Never
ClockSyncTolerance=600
TraceArchiveMaxSize=5120
VaultEventNotifications=NotifyOnNewRequest,NotifyOnRejectRequest,NotifyOnConfirmRequestByAll,NotifyOnDeleteRequest
RecoveryPubKey=C:\PrivateArk\Keys\RecPub.key
ServerKey=C:\PrivateArk\Keys\Server.key

[BACKUP]
BackupKey=C:\PrivateArk\Keys\Backup.key
[CRYPTO]
SymCipherAlg=AES-256
ASymCipherAlg=RSA-2048
[SYSLOG]
SyslogTranslatorFile=Syslog\ArcSight.xsl
SyslogServerIP=10.0.255.222
SyslogServerPort=514
SyslogServerProtocol=UDP
SyslogMessageCodeFilter=0-999
SyslogSendBOMPrefix=NO
[RADIUS]
RadiusServersInfo=1.1.1.1;1812;vault01;radiussecret.dat

▪ Restart PrivateArk Server Service

▪ Switch Users’ Authentication Method to RADIUS
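
Added example, not part of the CyberArk course material: a Python review of the integration keys shown in the paragent.ini and dbparm.ini listings above, flagging the default SNMP community string, syslog sent over UDP, and destination addresses outside private ranges. The sample text is constructed from the slides' values, and the RadiusServersInfo field order (IP;port;hostname;secret file) is an assumption read off the sample line.

```python
import configparser
import ipaddress

# Constructed sample: only the integration keys from the slides' paragent.ini
# and dbparm.ini listings, merged into one text for this demo.
SAMPLE = r"""
[MAIN]
SNMPHostIP=10.0.1.1
SNMPTrapPort=162
SNMPCommunity="public"
[SYSLOG]
SyslogServerIP=10.0.255.222
SyslogServerPort=514
SyslogServerProtocol=UDP
[RADIUS]
RadiusServersInfo=1.1.1.1;1812;vault01;radiussecret.dat
"""

def audit(text):
    """Return (key, finding) pairs for settings worth a second look."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the key case used in the .ini files
    cp.read_string(text)

    def get(section, key):
        # Missing sections or keys yield ""; surrounding quotes are dropped.
        return cp.get(section, key, fallback="").strip().strip('"')

    findings = []
    if get("MAIN", "SNMPCommunity").lower() in ("public", "private"):
        findings.append(("SNMPCommunity", "well-known default community string"))
    if get("SYSLOG", "SyslogServerProtocol").upper() == "UDP":
        findings.append(("SyslogServerProtocol",
                         "UDP: audit records are unencrypted and can be lost silently"))

    # Assumed field order for RadiusServersInfo: IP;port;hostname;secret file
    dests = {"SNMPHostIP": get("MAIN", "SNMPHostIP"),
             "SyslogServerIP": get("SYSLOG", "SyslogServerIP"),
             "RadiusServersInfo": get("RADIUS", "RadiusServersInfo").split(";")[0]}
    for key, ip in dests.items():
        if ip and not ipaddress.ip_address(ip).is_private:
            findings.append((key, f"{ip} is not a private address; placeholder left in?"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```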
