PTA integrates with various sensors to receive data. The following table provides an overview of how PTA integrates with the different sensors to receive data:

The Vault provides highly valuable and granular information about individual privileged users. This data feed enables the analytics engine to build behavioral profiles of all designated privileged users, accounts and systems. The analytics engine then looks for deviations from the baseline (normal behavior) to detect and alert on anomalous behaviors that may indicate the credential has been accessed by an unauthorized user.

In this integration specific events are accepted. Supported device types are operating system and database.

SIEM solutions are widely used to collect, analyze and alert on network activity. PTA significantly enhances the information provided by SIEM solutions to detect anomalous activity and generate targeted, actionable alerts for high-risk incidents. The following platforms are supported today out of the box:

Windows: The integration with Windows is based on the Windows Security Log Events shown in the table below. PTA supports these event types, which are supported in Windows 2003 and higher. In order for PTA to monitor activity of privileged accounts in Windows machines, Windows security events from each monitored Windows machine must be forwarded to the SIEM and from the SIEM to PTA (see Supported SIEM Solutions). PTA can also receive Windows events from the PTA Windows Agent. For details on installing the PTA Windows Agent, see Install PTA Windows Agents.

Unix: When collecting syslogs directly from Unix machines, PAM Unix is supported. PAM Unix is supported by multiple Unix flavors, such as Red Hat Linux, HP-UX, and Solaris.