Integrate Passwordstate EventTracker v9.x or above

Publication Date: May 20, 2019


Abstract

This guide provides instructions to configure Passwordstate to send Syslog to EventTracker Enterprise. Once Passwordstate is configured to send Syslog to the EventTracker Manager, alerts and reports can be configured in EventTracker.

Scope

The configurations detailed in this guide are consistent with EventTracker Enterprise version 9.x and later, and Passwordstate Enterprise Password Management.

Audience

Administrators who are responsible for monitoring Passwordstate using EventTracker Manager.

The information contained in this document represents the current view of Netsurion on the issues discussed as of the date of publication. Because Netsurion must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Netsurion, and Netsurion cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. Netsurion MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Netsurion, if its content is unaltered, nothing is added to the content and credit to Netsurion is provided.

Netsurion may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Netsurion, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2019 Netsurion. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Table of Contents

Abstract
Scope
Audience
Passwordstate Enterprise Password Management
Prerequisites
Logging into the Passwordstate
Passwordstate Knowledge Pack
Alerts
Flex Reports
Dashboards
Importing Passwordstate knowledge pack into EventTracker
Alerts
Templets
Flex Reports
Knowledge Objects
Dashboards
Verifying Passwordstate knowledge pack in EventTracker
Knowledge Object
Templets
Flex Reports
Alerts


Passwordstate Enterprise Password Management

Passwordstate is an on-premise, web-based solution for Enterprise Password Management, where teams of people can access and share sensitive password resources. Role-based administration and end-to-end event auditing provide a secure platform for password storage and collaboration. Many features are available in Passwordstate without any additional cost, e.g. Secure Password Vault, Account Discoveries, Account Heartbeats, Flexible Password Reset Engine, Remote Session Management, Scriptable API, Browser Extensions, Mobile Client, Compliance Reporting, Many 2FA Options, Auditing, and Email Alerts.

Prerequisites

• EventTracker v9.x should be installed.

• Passwordstate Enterprise Password Management application should be installed and configured.

• An exception should be added to the Windows Firewall on the EventTracker machine for Syslog port 514.

Configuring Passwordstate to send Syslog to EventTracker

Logging into the Passwordstate

1. Launch the Passwordstate login Page.

2. Enter your User ID and Password to authenticate.

3. Click on Logon.

Figure 1


Enabling the Syslog Service

You can configure Passwordstate to send logs to a syslog server in addition to Elasticsearch in EventTracker.

Passwordstate will send all the auditing data to one of your own internal Syslog servers. The Passwordstate Windows Service checks every minute for new data to send; it keeps track of the latest auditing record that was successfully sent and sends only subsequent records. Communication with Syslog servers can be done over UDP or TCP, against the port number specified. If needed, you can also modify the date/time formatting of the messages sent to Syslog servers.

1. In Passwordstate (Form based authentication page) select ADMINISTRATION.

2. Select System Setting from the list under the Administration tab.

Figure 2


3. In System Setting, select the proxy and syslog servers tab.

Figure 3

4. Under the proxy and Syslog servers tab, complete the Syslog server details.

5. In the Syslog server tab, provide the EventTracker Manager’s IP address.

6. Provide the Port Number.

7. Select the Protocol type.

Figure 4

8. Click on Save and Close option.


Figure 5

Passwordstate Knowledge Pack

Alerts

• Passwordstate Failed Login: This Alert provides information related to login failure details.
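Added example (not part of the Netsurion guide or the EventTracker knowledge pack): a Python sketch of the failed-login logic behind such an alert, run over the login sample logs shown in the Flex Reports section of this guide plus a few constructed lines. The function names, the threshold of 3 and the "kind" labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Only the text after the "Passwordstate: " tag is parsed, because the header
# (second timestamp, sender IP) is laid out differently across the guide's samples.
BODY = re.compile(r"Passwordstate: (?P<msg>.*?)\s*Client IP Address = (?P<client>\S+)\s*$")
IP = r"'?(?P<src>\d+(?:\.\d+){3})'?"   # quoted in failure lines, bare in success lines
USER = r"UserID '+(?P<user>[^']+)'+"   # samples quote the user with ' or ''
FAILED = re.compile(rf"Failed '(?P<auth>[^']+)' login attempt for {USER} from the IP Address {IP}")
SUCCESS = re.compile(rf"Successful (?P<auth>.+?) login for {USER} from the IP Address {IP}")

def parse(line):
    """Return a dict for a login success/failure line, or None for any other event."""
    m = BODY.search(line)
    if not m:
        return None
    for outcome, rx in (("failure", FAILED), ("success", SUCCESS)):
        hit = rx.search(m["msg"])
        if hit:
            return {"outcome": outcome, "client": m["client"], **hit.groupdict()}
    return None

def failed_login_findings(lines, threshold=3):
    """Group failed logins by source IP and report sources at or over the threshold."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev and ev["outcome"] == "failure":
            by_src[ev["src"]].append(ev["user"].lower())
    findings = {}
    for src, users in by_src.items():
        if len(users) >= threshold:
            distinct = sorted(set(users))
            # Many different accounts from one source vs. one account tried repeatedly.
            kind = "many-accounts" if len(distinct) >= threshold else "repeated-account"
            findings[src] = {"failures": len(users), "users": distinct, "kind": kind}
    return findings

HDR = "May 14 16:20:00 host1 2019-05-14 16:19:58 10.22.55.68 Passwordstate: "
def make_failure(user, ip):  # constructed line in the guide's 'Forms Based' failure format
    return (f"{HDR}Failed 'Forms Based' login attempt for UserID '{user}' "
            f"from the IP Address '{ip}'. Client IP Address = {ip}")

GUIDE_SAMPLES = [  # copied from the sample logs in this guide
    r"Apr 09 03:15:17 stone5 Apr 09 03:15:26 10.22.55.68 Passwordstate: Failed 'Active Directory' login attempt for UserID 'contoso\john' from the IP Address '10.22.55.100'. Client IP Address = 10.22.55.100",
    r"May 14 16:18:07 ntpldtblr44 2019-05-14 16:17:23 10.22.55.100 Passwordstate: Failed 'Forms Based' login attempt for UserID 'adarsh' from the IP Address '10.22.55.100'. Client IP Address = 10.22.55.100",
    r"May 10 10:20:21 ntpldtblr44 2019-05-10 10:20:12 10.22.87.100 Passwordstate: Successful Forms Based login for UserID 'adarsh' from the IP Address 10.22.87.100. Client IP Address = 10.28.100.39",
    r"May 13 16:48:51 ntpldtblr44 2019-05-13 16:48:39 10.22.87.100 Passwordstate: Manual logoff for UserID ''test1'' from the IP Address 10.22.87.100. Client IP Address = 10.22.87.100",
]
CONSTRUCTED = [make_failure("adarsh", "10.22.55.100"), make_failure("alice", "192.0.2.10"),
               make_failure("bob", "192.0.2.10"), make_failure("carol", "192.0.2.10"),
               make_failure("dave", "198.51.100.7")]  # constructed, not real log data

if __name__ == "__main__":
    for src, finding in failed_login_findings(GUIDE_SAMPLES + CONSTRUCTED).items():
        print(src, finding)
```

The guide's two failure samples alone stay under the threshold; the constructed lines push 10.22.55.100 and 192.0.2.10 over it.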


Flex Reports

1. Passwordstate Password Management: This report provides information related to password management operations (password deleted, password added, password modified, etc.)

Figure 6

Sample Log:

May 10 12:01:21 XYZ123 2019-05-10 12:00:49 10.87.22.100 Passwordstate: adarsh (adarsh) updated mary 's (123) password for their account. Client IP Address = 10.22.87.100

2. Passwordstate Group Management: This report provides information related to security group management (new security group created, added, modified, removed, updated etc.)


Figure 7

Sample Log:

May 10 14:51:22 Test123 2019-05-10 14:50:35 10.212.33.90 Passwordstate: William (William) added the Local Security Group 'test2' to Passwordstate. Client IP Address = 10.90.212.33

3. Passwordstate Logon Activities: This report provides information related to login-logoff activities by users.


Figure 8

Sample Log:

May 13 16:48:51 ntpldtblr44 2019-05-13 16:48:39 10.22.87.100 Passwordstate: Manual logoff for UserID ''test1'' from the IP Address 10.22.87.100. Client IP Address = 10.22.87.100

May 10 10:20:21 ntpldtblr44 2019-05-10 10:20:12 10.22.87.100 Passwordstate: Successful Forms Based login for UserID 'adarsh' from the IP Address 10.22.87.100. Client IP Address = 10.28.100.39

4. Passwordstate Login Failure Activities: This report provides information related to login failures by users.


Figure 9

Sample Log:

Apr 09 03:15:17 stone5 Apr 09 03:15:26 10.22.55.68 Passwordstate: Failed 'Active Directory' login attempt for UserID 'contoso\john' from the IP Address '10.22.55.100'. Client IP Address = 10.22.55.100

May 14 16:18:07 ntpldtblr44 2019-05-14 16:17:23 10.22.55.100 Passwordstate: Failed 'Forms Based' login attempt for UserID 'adarsh' from the IP Address '10.22.55.100'. Client IP Address = 10.22.55.100

5. Passwordstate User Management: This report provides information related to user account management by administrator e.g. (new user added, deleted, account updated, account disabled, granted access etc.)


Figure 10

Sample Log:

May 10 15:00:23 ntpldtblr44 2019-05-10 14:59:53 172.28.100.240 Passwordstate: adarsh (adarsh) disabled the User Account 'pratik (test3)'. Client IP Address = 172.28.100.36

Dashboards

1. Passwordstate Activities:


Figure 11

2. Passwordstate Login Activities by Geo-location:

Figure 12


3. Passwordstate Login Activities by Users:

Figure 13

4. Passwordstate User Account Activity:

Figure 14


5. Passwordstate Document Modification by User:

Figure 15

Importing Passwordstate knowledge pack into EventTracker

• Alerts

• Templets

• Flex Reports

• Knowledge Objects

• Dashlets

Alerts

1. Launch the EventTracker Control Panel.

2. Double click Export-Import Utility.


Figure 16

3. Click the Import tab.

4. Select the Alert option.

5. Click on Browse button and select file path.

6. Click on Import.


Figure 17

7. Alerts are now imported successfully.

Figure 18


Templets

1. Log in to the EventTracker console.

2. Click on the Admin option in the EventTracker Manager page.

3. Select Parsing Rules.

Figure 19

4. Select Templet and click on the import icon.

Figure 20

5. Browse Passwordstate Templet files.

Figure 21

6. Select all Passwordstate Template names.

7. Click on the Import button.


Figure 22

8. Templets imported successfully.

Figure 23

Flex Reports

On the EventTracker Control Panel:

1. Click the Reports option and select new (.etcrx) from the options.


Figure 24

2. Locate the file named Reports_Passwordstate.etcrx and select all the checkboxes.


Figure 25

3. Click the Import button to import the reports. EventTracker displays a success message.

Figure 26

Knowledge Objects

1. Log in to the EventTracker console.

2. Click on Knowledge objects under the Admin option in the EventTracker Manager page.


Figure 27

3. Locate the file named KO_Passwordstate.etko

Figure 28

4. Now select all the checkboxes and then click on the ‘Upload’ option.

5. Knowledge objects are now imported successfully.

Figure 29

Dashboards

1. Open EventTracker Enterprise in the browser and log in.

Figure 30

2. Navigate to My Dashboard.


3. Click on the Import configuration icon on the top right corner.

4. In the popup window browse the file named Dashboard_Passwordstate.etwd

Figure 31

5. Now select all the checkboxes and then click on the Import option.

Figure 32

6. Click ‘customize’ to locate and choose created dashlets.

7. Click Add to add Dashlets to the dashboard.


Figure 33

Verifying Passwordstate knowledge pack in EventTracker

Knowledge Object

1. In the EventTracker Enterprise web interface, click the Admin drop-down, and then click Knowledge Objects.

2. In the Knowledge Object tree, expand the Passwordstate group folder to view the imported Knowledge objects.


Figure 34

Templets

1. In the EventTracker Enterprise web interface, click the Admin drop-down, and then click Parsing Rules.

Figure 35

2. Select Templet and find the Passwordstate Group.

3. Click on the Passwordstate Group to see all the Templets.


Figure 36

Flex Reports

1. In the EventTracker Enterprise web interface, click the Reports icon, and then select the Report Configuration.

Figure 37

2. In Reports Configuration pane, select a defined option.

3. Click on the Passwordstate group folder to view the imported Passwordstate reports.


Figure 38

Alerts

1. In the EventTracker Enterprise web interface, click the Admin icon, and then select Alerts.

Figure 39

2. In the Alert search bar, search for the alert name to view the imported Passwordstate Alerts.


Figure 40