Best practices when integrating third party SaaS alarms into UIM
If you have a third-party SaaS product that generates alarms and you want to integrate those alarms with an on-premises UIM environment, take special care, because those events will arrive from the Internet.
Third-party SaaS products usually offer several types of integration; use only those that rely on secure protocols and authentication. SaaS products very commonly offer a webhook integration, which can be configured against the UIM API over a secure TLS connection.
There are some rules and best practices to follow:
- Expose as few components as possible to the Internet
- Expose only the UIM REST API, not a full UMP server
- Expose the UIM REST API from a DMZ area
- Configure TLS on the wasp probe
- Disable the non-secure port and/or configure automatic HTTPS redirect
- Create a special, dedicated user for this integration
- Create the user with only the minimum required user permissions:
  - Web Service
  - Alarm Management
  - Accept (alarms)
- Use a strong password
- The UIM REST API server should only serve requests from your third-party SaaS platform
- Configure the firewall to deny any other connection coming from the Internet
High level architecture
NOTE:
The UIM robot in the DMZ is NOT a UMP server; it is a standard robot with the wasp probe and the webservices_rest package.
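To confirm that the rules above hold in practice, the requests reaching the DMZ robot can be audited against them. The following is an added example, not part of the original article or of UIM: the SaaS source ranges, the user name `saas_alarm_hook`, port 443 and the three-field log layout are all assumptions, and the sample lines are constructed.

```python
import ipaddress

# Assumptions (not from the article): vendor ranges, user name, port and log layout.
SAAS_SOURCES = [ipaddress.ip_network(n) for n in ("198.51.100.0/28", "203.0.113.64/29")]
INTEGRATION_USER = "saas_alarm_hook"  # hypothetical dedicated integration account
HTTPS_PORT = 443

# Constructed sample lines: "<source_ip> <dest_port> <authenticated_user>"
SAMPLE_LOG = """\
198.51.100.5 443 saas_alarm_hook
203.0.113.66 443 saas_alarm_hook
192.0.2.44 443 saas_alarm_hook
198.51.100.9 80 saas_alarm_hook
198.51.100.7 443 some_admin
not-an-ip 443 saas_alarm_hook
"""

def check_line(line):
    """Return the list of rule violations for one log line (empty list = compliant)."""
    parts = line.split()
    if len(parts) != 3:
        return ["malformed line"]
    src, port, user = parts
    problems = []
    try:
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in SAAS_SOURCES):
            problems.append("source outside SaaS allowlist")
    except ValueError:
        problems.append("unparseable source address")
    if port != str(HTTPS_PORT):
        problems.append("request on non-TLS port")
    if user != INTEGRATION_USER:
        problems.append("not the dedicated integration user")
    return problems

def audit(log_text):
    """Map line number -> violations for every non-compliant line."""
    findings = {}
    for n, line in enumerate(log_text.splitlines(), start=1):
        if line.strip():
            problems = check_line(line)
            if problems:
                findings[n] = problems
    return findings

if __name__ == "__main__":
    for n, problems in audit(SAMPLE_LOG).items():
        print(f"line {n}: {', '.join(problems)}")
```

Any finding means a control from the list is not effective: a source outside the allowlist points at the firewall rule, a hit on a non-TLS port at the wasp port or redirect configuration, and an unexpected user at the account set-up.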