CyberArk PAS (PTA) Configuration - Part 5.1

This post is to summarize some basic configuration to get PTA works with your Vault.
Related Posts:

• CyberArk PAS (Vault PrivateArk Server and Client) Installation - Part 1
• CyberArk PAS (PVWA) Installation - Part 2
• CyberArk PAS (CPM) Installation - Part 3
• CyberArk PAS (PSM) Installation - Part 4
• CyberArk PAS (PTA) Installation - Part 5
• CyberArk PAS (PTA) Configuration - Part 5.1
• CyberArk PSM HTML5 Gateway Installation and Configuration - Part 6

Configure the Vault to Forward syslog Messages to PTA

1	The PTA syslog parameters are available in the dbparm.sample.ini file. Copy the parameters to the dbparm.ini configuration file.

[SYSLOG]
SyslogTranslatorFile=Syslog\PTA.xsl
SyslogServerPort=514
SyslogServerIP=192.168.2.28
SyslogServerProtocol=UDP
SyslogMessageCodeFilter=295,308,7,24,31,428,361,372,373,359,436,412,411,300,302,294,427,471
UseLegacySyslogFormat=No

2  Restart the PrivateArk Server. No need to change firewall rule.

Integrate PTA with PSM

1  To Show the PTA Activity Score in PVWA: 1. Log on to the PVWA as a user with the Administrator permission. 2. Navigate to Administration > Options, and select PIM Suite Configuration > Access Restriction. 3. Right-click and select Add AllowedReferrer. 4. In BaseUrl, enter the PTA Server IP address. 5. Set RegularExpression to Yes. 6. Click Apply. 7. Navigate to Administration > Options, and select PIM Suite Configuration > Privileged Session Management UI. 8. Ensure that the PSMandPTAIntegration setting is valued with Yes. 9. Click Apply and then click OK.

2  To Allow Session Termination and Suspension: 1. Log on to the PVWA as a user with the Administrator permission. 2. Navigate to Administration > Options, and select PIM Suite Configuration > Privileged Session Management > General Settings > Server Settings > Live Sessions Monitoring Settings. 3. Ensure that the AllowPSMNotifications setting is valued with Yes. 4. Click Apply. 5. Expand Live Sessions Monitoring Settings > Terminating Live Sessions Users and Groups and ensure that the PSMLiveSessionTerminators group exists here. 6. Expand Live Sessions Monitoring Settings > Suspending Live Sessions Users and Groups and ensure that the PSMLiveSessionTerminators group exists here. 7. Click Apply and then click OK.

Create a test rule

Go to Security -> Security Configurations -> Add rule or Edit a rule

Create a test rule

Launch a SSH session from PVWA. After login, try to type passwd command. You will receive a similar event as show below. 

Session score from Monitoring tab.