Symantec Privileged Access Management

  • 1.  Alert Generate in CA PAM ?

    Posted Apr 01, 2019 01:51 PM

    Can anybody tell me how many alerts are generated in CA PAM?

    Is it possible to configure it to generate alerts?

    Alerts should be generated:
    If anybody tries to view a password, if not authorised, this should generate alerts.
    If somebody changes user roles/permissions,
    if someone changes policy,
    if someone changes security configuration,
    if someone changes log configuration, these should generate alerts.
    If the session recording mount is unavailable, this should generate alerts.
    If someone removes a device from PAM, this should generate an alert.



  • 2.  Re: Alert Generate in CA PAM ?

    Broadcom Employee
    Posted Apr 03, 2019 04:23 PM

    Hello Sudip, PAM supports integration with a syslog server or a Splunk server. All the activities you listed generate messages that would be sent to the syslog/Splunk server, and you configure alerts on those, not in PAM.



  • 3.  Re: Alert Generate in CA PAM ?

    Posted Apr 03, 2019 10:19 PM

    Thank you

     

    You mean to say CA PAM will send these alerts to the syslog/Splunk server?

    Do we need to configure CA PAM to send this type of alert?

    If possible, can you give a document describing what CA PAM would send to the syslog server for these alerts?



  • 4.  Re: Alert Generate in CA PAM ?

    Posted Apr 05, 2019 10:30 AM

    The PAM documentation Wiki contains a section Syslog Message Formats:  Syslog Message Formats - CA Privileged Access Manager - 3.2.4 - CA Technologies Documentation.  This is broken up into 5 sub-sections:

    Session Management Log Formats
    Credential Management Log Formats
    GKMonitor
    Logwatch
    Other Messages

     

    This doesn't detail the exact messaging you'll see, but does give you the general idea and provides some examples. 

     

    In addition to syslog, you can also configure PAM to use SNMP.  One aspect of SNMP is the ability to send alerts to a network management server.  The alerts that PAM can send, and the data that is available by polling, can be seen in the PAM MIB.  You can see how to configure SNMP on the Configuring Your Server page:  Configuring Your Server - CA Privileged Access Manager - 3.2.4 - CA Technologies Documentation.  The MIB itself may be retrieved here: 

    CA PAM 2.8.3-3.2 MIB