ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins. Read more for important details.
ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins.Read more for important details.
Cadet 1st Class
Cadet 1st Class

Lieberman Software Priviledged Identity Managment

Does anyone have experience with Lieberman Software Privileged Identity Management software?

One of my groups just notified me that they were testing it - I told them to ask if logs could be ported to ArcSight, and lo and behold, there is a checkbox that says "Send to ArcSight" built in?  I wonder if someone has experience on how to tune it to send the events that would be pertinent.

Labels (2)
Tags (3)
2 Replies
Absent Member.
Absent Member.


I have attached the integration config guide with Lieberman.  It gives a little more info about the integration, but i don't believe it covers tuning of the event feed.  I have contacted the people i worked with at Lieberman for more details.



Absent Member.
Absent Member.

The integration time with ArcSight only takes a few minutes and is very flexible.

We have a built-in event sink feature in our products that allows you to send all or any selected group of events directly to the ArcSight logger in real-time using SYSLOG.  There is no need to import logs or write complex customizations or ArcSight connectors to get privileged identity informaiton into ArcSight from our products..

The entire process can be summed up with the following steps:

1) Open the event sink dialog within our products (RPM or ERPM)

2) Create a new event sink

3) Specify SYSLOG and CEF formats

4) Provide the name or IP address of the ArcSight SYSLOG servers

5) Select the events you want us to feed to ArcSight

6) Click OK

That's pretty much all it takes to get events in to ArcSight.  You will see the events in ArcSight immediately as they occur. 

The total set-up time shoudl take less than 10 minutes.

If you would like to have one of our systems engineers help you, email or call us at 310-550-8575.

Once you have the events showing up in ArcSight, you can then correlate privileged identity use to specific users that are using root, administrator, sa, and other accounts.  Its pretty cool being able to see who is using these high powered accounts within ArcSight!

Hope that helps!


The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.