Symantec IGA

 View Only
  • 1.  CA Identity governance SBT

    Posted Dec 17, 2019 09:12 AM
    hi Team,

    Could you please some one help with the CA Identity Governance SBT file for following.

    1) Ctrl+A and Ctrl+L in user pane
    2) Creating partial configuration.

    We have to automate this process. 



  • 2.  RE: CA Identity governance SBT

    Broadcom Employee
    Posted Dec 17, 2019 09:44 AM
    Please refer to the following URL for the SBT format.  

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-governance/14-3/programming/executing-batch-sbt-files.html

    Best regards,
    Frank

    ------------------------------
    ------------------------------
    And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.
    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------



  • 3.  RE: CA Identity governance SBT

    Posted Dec 24, 2019 09:58 AM
    Edited by Vignesh Natarajan Dec 24, 2019 10:05 AM
      |   view attached
    hi Frank,

    Thanks for your information.

    We are trying to automate the " Resource Matching" 60%   of a Role's Users in in/out pattern.

    We have tried with a lot of combinations but we couldn't get the results so could you please help us here.


    SBT:

    <!--  <!--  **********************************************************************  * File name : Audit_batch.XLM* Description : run an audit on a specific configuration***********************************************************************  --> <BATCH LOG="..\logs\error1.log"> <COMMAND ACTION="RUN AUDIT"  SOURCE_CFG="..\output\UsersFiltered_withoutowner.cfg"  TARGET_AUD="..\output\inoutstep5result1.aud" OVERWRITE_TARGET_AUD="FALSE" MAX_BPR_ALERTS="1000" MAX_ENTITY_ALERTS="100000" MAX_CATEGORY_ALERTS="100000"> <SETTINGS TESTS="PROPOSE_NEW_RESOURCES" RELATED_ROLES_USERS="65"  /> </COMMAND>
    </BATCH>

    Attached a screen shot for your your reference.



  • 4.  RE: CA Identity governance SBT

    Posted Dec 27, 2019 03:51 AM
    Hi Team,

    We managed to get the following script. But it is taking default score is 80 and it displaying the suspected entities of "Resource Almost matches a Role" 80 and above.

    But as per the business requirement we need the data of 65 and above. could you please suggest how can we achieve this with below SBT script.



    <!--  <!--  
    **********************************************************************  
    * File name : Audit_batch.XLM* Description : run an audit on a specific configuration
    ***********************************************************************  --> 
    <BATCH LOG="..\logs\error1.log">
    <COMMAND ACTION="RUN AUDIT" 
    SOURCE_CFG="..\output\UsersFiltered_withoutowner.cfg" 
    TARGET_AUD="..\output\inoutstep5result1.aud" 
    OVERWRITE_TARGET_AUD="TRUE"
    MAX_BPR_ALERTS="100000"
    MAX_ENTITY_ALERTS="100000"
    MAX_CATEGORY_ALERTS="100000">
    <SETTINGS TESTS="PROPOSE ADDITIONAL RESOURCES" />
    </COMMAND>
    </BATCH>

    Regards,
    Vignesh N


  • 5.  RE: CA Identity governance SBT

    Posted Jan 06, 2020 01:16 AM
    Could you please some one provide update on this.


  • 6.  RE: CA Identity governance SBT
    Best Answer

    Posted Jan 07, 2020 10:49 AM
    I think it would be something like this:

    <BATCH><BATCH> <COMMAND ACTION="RUN AUDIT"  SOURCE_CFG=".\ConfigWithRoles.cfg"  TARGET_AUD=".\BatchRun.aud" OVERWRITE_TARGET_AUD="TRUE" MAX_BPR_ALERTS="1000" MAX_ENTITY_ALERTS="10" MAX_CATEGORY_ALERTS="100"> <SETTINGS TESTS="PROPOSE ADDITIONAL RESOURCES"  ROLE_ADDITIONAL_RESOURCES="65" /> </COMMAND></BATCH>

    Note:  I didn't test this(just looked at batch examples)


  • 7.  RE: CA Identity governance SBT

    Posted Jan 08, 2020 01:04 AM
    Hi Ricky,

    Really appreciate your help in this , it is working fine now !!!

    We do have RULE BASED SEARCH Query .  is there any way to convert this as structured search query.

    <BATCH LOG="..\logs\structuredrole.log"><BATCH LOG="..\logs\structuredrole.log"> <COMMAND ACTION="RULE-BASED SEARCH" ROLE_NAME_PREFIX="Organization" SOURCE_CFG="..\test_sbt\FixedAudit65Matching.cfg"  TARGET_CFG="..\test_output\discoveredrole.cfg"> <ATTRIBUTE>deptNumber</ATTRIBUTE> SEARCH_MODE="CONNECTIONS" MIN_PERCENT_WITHIN_GROUP="65" MAX_RULES_PER_GROUP="1" MIN_NEWLY_COVERED_CONNECTIONS_NUM="0" MIN_NEWLY_COVERED_CONNECTIONS_PCT="0" MIN_RESOURCES_NOT_COVERED_NUM="0" MIN_RESOURCES_NOT_COVERED_PCT="0" MIN_USERS_NOT_COVERED_NUM="0"  MIN_USERS_NOT_COVERED_PCT="0" MIN_USERS="2" MIN_RESOURCES="1" MAX_ROLES="10000"></COMMAND> 
    </BATCH>


  • 8.  RE: CA Identity governance SBT

    Posted Jan 08, 2020 09:45 AM

    I do not think that a Structured search is available via SBT. 

     

    What you can try to do is to simulate a structured search by running the rule based search multiple times with different attributes.

     

    Step 1:  RuleBased Search with Attribute 1

    Step 2:  Remove Redundant

    Step 3:  RuleBased Search with Attribute 2

    Step 4:  Remove Redundant

    Etc.

     

    Ricky Gloden

    Security Architect  |  Enterprise Studio

    HCL Technologies Ltd  |  www.hcltech.com

    +1 770-377-6865  |  ricky.gloden@hcl.com  | Atlanta, GA

    /Users/rickygloden/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_582542219    

    ::DISCLAIMER::

    The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects.