Lieberman Software Priviledged Identity Managment
Does anyone have experience with Lieberman Software Privileged Identity Management software?
One of my groups just notified me that they were testing it - I told them to ask if logs could be ported to ArcSight, and lo and behold, there is a checkbox that says "Send to ArcSight" built in? I wonder if someone has experience on how to tune it to send the events that would be pertinent.
The integration time with ArcSight only takes a few minutes and is very flexible.
We have a built-in event sink feature in our products that allows you to send all or any selected group of events directly to the ArcSight logger in real-time using SYSLOG. There is no need to import logs or write complex customizations or ArcSight connectors to get privileged identity informaiton into ArcSight from our products..
The entire process can be summed up with the following steps:
1) Open the event sink dialog within our products (RPM or ERPM)
2) Create a new event sink
3) Specify SYSLOG and CEF formats
4) Provide the name or IP address of the ArcSight SYSLOG servers
5) Select the events you want us to feed to ArcSight
6) Click OK
That's pretty much all it takes to get events in to ArcSight. You will see the events in ArcSight immediately as they occur.
The total set-up time shoudl take less than 10 minutes.
If you would like to have one of our systems engineers help you, email firstname.lastname@example.org or call us at 310-550-8575.
Once you have the events showing up in ArcSight, you can then correlate privileged identity use to specific users that are using root, administrator, sa, and other accounts. Its pretty cool being able to see who is using these high powered accounts within ArcSight!
Hope that helps!