Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.7 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Messaging settings (desktop client) Password Management settings Safeguard Access settings SSH Key Management settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions SPP Glossary About us

Syslog Events

web client only

You can configure audit event logs to send to syslog server (cluster-wide). Audit events include connection, closure, and failures. Failures include the reason, the initiator, and the target. For example, a certificate validation failure will include the initiator and the target.

Debug logging to syslog server is available and is appliance specific (see Debug).

To configure audit event logs to send to a syslog server

  1. You will need a configured syslog server. If you have not configured a syslog server, you will see a message like this: To configure additional debut logging options, you need to configure a syslog server. Click Configure a syslog server. For more information, see Configuring and verifying a syslog server.
  2. Navigate to  Settings| External Integration | Syslog Events.
  3. The Syslog Events pane displays the following.
Table 166: Syslog server: Properties
Property Description

Syslog Server

The name of the syslog server

Facility The type of program being used to create syslog messages (for example, User or Mail)

Log Format

The format which can be CEF or JSON

Description The description of the syslog event
# of Events The number of events selected to be logged to the syslog server

Use these toolbar buttons to manage the syslog server configurations

Table 167: Syslog server: Toolbar
Option Description
Add Add a new syslog server configuration. For more information, see Configuring and verifying a syslog server.
Remove

Remove the selected syslog server configuration from Safeguard for Privileged Passwords.

Edit Modify the selected syslog server configuration.
Copy Syslog Template Clone the selected syslog server configuration.
Refresh Update the list of syslog server configurations.

Send Test Event button

  • To send a test message to the designated syslog server
  • Add a syslog event subscriber

    web client only

    It is the responsibility of the Appliance Administrator to add an event subscriber.

    To add an event subscriber

    1. Navigate to  Settings| External Integration | Syslog Event.
    2. Click Add to display the Syslog Events dialog.
    3. In the Syslog Events dialog, enter the following:

      1. Syslog Server: Select the server to which you want to send the events.

      2. Description: Enter the description of the syslog event.
      3. Subscribe to All Events: Select this check box to subscribe to all events, including new events that may be added in the future. If unselected, select specific events.
      4. If you left Subscribe to All Events unselected, click Browse then select the check boxes of the Events to which you want to subscribe You can enter characters then click Search to limit the events that are displayed. Click OK.

      5. Facility: Select which syslog facility to send, for example User or Mail.
      6. Log Format: Select between Common Event Format (CEF) or Javascript Object Notation (JSON).
      7. If you select JSON, enter the Attribute Prefix which is text that will be prepended to the JSON attributes.
    4. Click OK.

    Ticketing systems

    You can use ticketing that is not configured with an external ticketing system or integrate with an external ticketing system (such as ServiceNow or Remedy).

    Tickets can be viewed in the Activity Center, Ticket # column.

    Go to Ticket Systems:

    • web client: Navigate to  Settings | External Integration | Ticket Systems.
    • desktop client: Navigate to Administrative Tools | Settings | External Integration | Ticket Systems.
    Ticketing toolbar

    Use these toolbar buttons to manage the ticketing systems defined to integrate with Safeguard for Privileged Passwords.

    • Add: Add a new ticket system.
    • Remove: Remove the selected ticket system from Safeguard for Privileged Passwords.
    • Edit: Modify the selected ticket system configuration.
    • Refresh: Update the list of ticket systems.
    Setup and workflow

    For set up and workflow details, see the following based on the ticketing you use:

    ServiceNow ticketing system integration

    ServiceNow is a cloud-based issue tracking system. Safeguard for Privileged Passwords can exchange the following ticket types with ServiceNow:

    • INC (incident) tickets
    • CHG (change) tickets
    • RITM (request) tickets
    • PRB (problem) tickets

    The data items specific to ServiceNow may be optional based on your configuration.

    To use ServiceNow, the root CA Certificate required for ServiceNow must be installed in Safeguard for Privileged Passwords. For more information, see Trusted CA Certificates. To add a trusted certificate, see Adding a trusted certificate.

    Tickets can be viewed in the Activity Center, Ticket # column.

    Setting up the integration

    1.  Go to Ticket Systems:
      • web client: Navigate to  Settings | External Integration | Ticket Systems.
      • desktop client: Navigate to Administrative Tools | Settings | External Integration | Ticket Systems.
    2. Click  Add to add a ticket system.
    3. Do the following:
      • web client: Select ServiceNow.
      • desktop client: On the Ticket System dialog, select the Type as ServiceNow.
    4. Complete the authorization information based on your installation:
      • Name: Enter the name of your ticketing system
      • URL: Enter the web site address to the ticketing system.
      • Username: Enter an account for Safeguard for Privileged Passwords to use to access the ticketing system.
      • Password: Enter the user account's password.
      • Client Identifier: Enter the ServiceNow Client ID.
      • Client Secret: Enter the ServiceNow secret key.
    5. Click Test Connection to test the connection to ServiceNow.

    Ticket workflow

    1. The Security Policy Administrator creates an access request policy that requires the requester to provide a ticket number when creating an access request. For more information, see Creating an access request policy
    2. When the requester makes a request, they must enter the existing ServiceNow ticket number on the New Access Request dialog, Request Details tab, Ticket Number field. See:
    3. Safeguard for Privileged Passwords queries all configured ticket systems to see if that ticket number represents a ticket that exists and is in an open state. For ServiceNow, Safeguard checks the Active property of the identified ticket returned from the ServiceNow API and considers the ticket number valid if the Active property is not false for that incident.
      1. If the ticket is not active, the request is denied.
      2. If the ticket is active, the access workflow continues.
    Related Documents

    The document was helpful.

    Select Rating

    I easily found the information I needed.

    Select Rating