FortiSIEM Setting up CyberArk

Setting up CyberArk

This section specifies how FortiSIEM can be configured to fetch credentials from CyberArk.

Installing CyberArk Provider in FortiSIEM
  1. Log in to FortiSIEM as root
  2. Run the rpm command to begin the installation:

The installation runs automatically and does not require any interactive response from the user. When the installation is complete, the following message appears: “Installation process completed successfully.”

Configuring CyberArk Provider in FortiSIEM
  1. Log in as root
  2. Open the Vault.ini file and specify the parameters of the Vault that will be accessed by the Provider
  3. Run CreateCredFile to create a credential file for the administrative user that will create the Vault environment during installation.
  4. Check the log file /var/tmp/aim-install-logs/CreateEnv.log to make sure that the Provider environment was created successfully
  5. Start the CyberArk Application Password Provider service manually as a privileged user
  6. Run ldconfig

Configuring CyberArk for communication with FortiSIEM
  1. Log in to the CyberArk Password Vault Web Access (PVWA) Interface as a user allowed to manage applications (this requires Manage Users authorization).
  2. Add FortiSIEM as an Application
    1. Go to Applications and click Add Application.
    2. Set Name to FortiSIEM
    3. In the Description, specify a short description of the application that will help you identify it (e.g. FortiSIEM SIEM)
    4. In the Business owner section, specify contact information about the application’s Business owner.
    5. In the lowest section, specify the Location of the application in the Vault hierarchy. If a Location is not selected, the application will be added in the same Location as the user who is creating this application.
    6. Click Add; the application is added and is displayed in the Application Details page
  3. Check Allow extended authentication restrictions – this enables you to specify an unlimited number of machines and Windows domain OS users for a single application
  4. Specify the application’s (FortiSIEM) Authentication. This information enables the Credential Provider to check certain application characteristics before retrieving the application password.
    1. In the Authentication tab, click Add; a drop-down list of authentication characteristics is displayed.
    2. Specify the OS user as “admin” and Click
    3. Specify the application path as “/opt/phoenix/bin”. Make sure Path is folder and Allow internal scripts to request credentials… check boxes are checked
    4. Do not specify a hash
    5. In the Allowed Machines tab, click Add and specify the IP/host name of the FortiSIEM Supervisor, Workers and Collectors
  5. Authorize FortiSIEM to retrieve accounts.
    1. Go to Policies > Access Control (Safes)
    2. For every Safe, Click on Members.
    3. Click on Add Safe Member
    4. Search for FortiSIEM. An entry will already exist. Select that entry.
    5. Check Retrieve accounts.
    6. Click Add

Now FortiSIEM should be ready to retrieve passwords from CyberArk via Test Connectivity and Discovery.
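
The Authentication step above identifies FortiSIEM to the Credential Provider by OS user ("admin") and folder path ("/opt/phoenix/bin") with no hash, so the ownership and write permissions of that folder are worth checking on each Supervisor, Worker and Collector. The script below is an added example, not part of the original guide or of FortiSIEM or CyberArk; the function name audit_app_path and the finding labels are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): audit the folder that CyberArk is told to
# trust for FortiSIEM credential requests. audit_app_path is a hypothetical name.
# Usage: ./audit_app_path.sh /opt/phoenix/bin admin

# Lists entries under DIR that a user other than OWNER or root could modify.
# Returns 0 when clean, 1 when there are findings, 2 when the check cannot run.
audit_app_path() {
    local dir=$1 owner=$2 writable foreign

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # Group- or world-writable entries. Symlinks are skipped because their own
    # mode bits are always 0777 on Linux and say nothing about the target.
    writable=$(find "$dir" ! -type l \( -perm -0002 -o -perm -0020 \) -print) || return 2

    # Entries owned by anyone except the expected OS user or root.
    foreign=$(find "$dir" ! -user "$owner" ! -user root -print) || return 2

    [ -n "$writable" ] && printf '%s\n' "$writable" | sed 's/^/GROUP-OR-WORLD-WRITABLE /'
    [ -n "$foreign" ] && printf '%s\n' "$foreign" | sed 's/^/UNEXPECTED-OWNER /'

    # Exit status reflects whether anything was reported.
    [ -z "$writable$foreign" ]
}

# Run only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then
    audit_app_path "$1" "$2"
fi
```

Group-writable entries are reported for review; whether they are acceptable depends on who belongs to the owning group on that node.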

This entry was posted in Administration Guides, FortiSIEM.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
