Latest Posts

CyberArk PAS (PTA) Configuration - Part 5.1

This post is to summarize some basic configuration to get PTA works with your Vault.
Related Posts:

Configure the Vault to Forward syslog Messages to PTA


1  The PTA syslog parameters are available in the dbparm.sample.ini file. Copy the parameters to the dbparm.ini configuration file.
[SYSLOG]
SyslogTranslatorFile=Syslog\PTA.xsl
SyslogServerPort=514
SyslogServerIP=192.168.2.28
SyslogServerProtocol=UDP
SyslogMessageCodeFilter=295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427,471
UseLegacySyslogFormat=No

2  Restart the PrivateArk Server. No need to change firewall rule. 


Integrate PTA with PSM


1  To Show the PTA Activity Score in PVWA:
1.Log on to the PVWA as a user with the Administrator permission.
2.Navigate to Administration > Options, and select PIM Suite Configuration > Access Restriction.
3.Right-click and select Add AllowedReferrer.
4.In BaseUrl, enter the PTA Server IP address.
5.Set RegularExpression to Yes.
6.Click Apply.
7.Navigate to Administration > Options, and select PIM Suite Configuration > Privileged Session Management UI.
8.Ensure that the PSMandPTAIntegration setting is valued with Yes.
9.Click Apply and then click OK.


2  To Allow Session Termination and Suspension:
1.Log on to the PVWA as a user with the Administrator permission.
2.Navigate to Administration > Options, and select PIM Suite Configuration > Privileged Session Management > General Settings > Server Settings > Live Sessions Monitoring Settings.
3.Ensure that the AllowPSMNotifications setting is valued with Yes.
4.Click Apply.
5.Expand Live Sessions Monitoring Settings > Terminating Live Sessions Users and Groups and ensure that the PSMLiveSessionTerminators group exists here.
6.Expand Live Sessions Monitoring Settings > Suspending Live Sessions Users and Groups and ensure that the PSMLiveSessionTerminators group exists here.
7.Click Apply and then click OK.


Create a test rule

Go to Security -> Security Configurations -> Add rule or Edit a rule



Create a test rule

Launch a SSH session from PVWA. After login, try to type passwd command. You will receive a similar event as show below. 



Session score from Monitoring tab.















No comments