Grant Trend Micro permission to access your CyberArk data in one or multiple tenants for use in Trend Vision One apps.

Procedure

  1. Create an OAuth2 client in CyberArk for Trend Vision One to access object data.
    Objects represent the resources managed by CyberArk solutions, including users, devices, applications, and others.
    1. Log in to your CyberArk Identity Security Platform.
    2. In the left panel, click the icon for selecting a service and choose Identity Administration.
    3. Create an OAuth2 client.
      1. Go to Apps & Widgets > Web Apps and then click Add Web Apps.
      2. Click Custom and then click Add next to OAuth2 Client.
      3. Click Yes and then click Close.
        The settings screen for the OAuth2 client is displayed.
    4. Configure the OAuth2 client settings.
      For more information about the settings, see the CyberArk documentation.
      Settings section:
        1. Set Application ID and record the application ID for later use.
        2. Set Display Name to a unique name.
      Tokens section:
        1. Set Token Type to JwtRS256.
        2. Set Auth methods to Client Creds.
        3. Set the other fields based on your requirements.
      Scope section:
        1. Click Add.
        2. Type read in the Name field.
        3. Click Add under Allowed REST APIs.
        4. Type the value .*.
        5. Click Save.
    5. Create a service user and associate it with the OAuth2 client.
      1. Go to Core Services > Users and click Add User.
      2. Set Login name, Email address, and Display name.
      3. Under Password Type, select Manual and set your password.
        Record the password for later use.
      4. In the Status section, select Is OAuth confidential client and then click Create User.
      5. On the Users screen, locate the service user and record the Login Name for later use.
      6. Click the service user, click Application Settings, select the OAuth2 client just created, and click Save.
      7. Enter a user name and click OK.
    6. Create a role and assign the role to the service user.
      1. Go to Core Services > Roles.
      2. Click Add Role, specify a unique name for the role, and click Save.
      3. Click Members, click Add, search for and select the service user just created, and click Add.
      4. Click Administrative Rights, click Add, locate and select the following administrative rights, and click Add.
        • Read Only Role Management
        • Read Only System Administration
        • Read Only User Management
        • Read permissions for Risk Management machine identities dashboards
        • Read permissions for Risk Management pCloud dashboard
        • Read-only for settings
        • Read-only for Threat Detection and Response monitoring
        • Read-only permission for the Domain customization in Administration space
      5. Click Save.
    7. Grant the service user permissions on the OAuth2 client.
      1. Go to Apps & Widgets > Web Apps.
      2. Locate and click the OAuth2 client you just created.
      3. Click the Permissions tab, click Add, search for and select the role assigned to the service user associated with the OAuth2 client, and then click Add.
      4. Select the permissions Run and Automatically Deploy.
      5. Click Save.
  2. Create an OAuth2 server in CyberArk for Trend Vision One to access audit information.
    Trend Vision One requires access to audit information to sync object updates from CyberArk.
    1. Create an OAuth2 server.
      1. Go to Apps & Widgets > Web Apps and then click Add Web Apps.
      2. Click Custom and then click Add next to OAuth2 Server.
      3. Click Yes and then click Close.
        The settings screen for the OAuth2 server is displayed.
    2. Configure the OAuth2 server settings.
      Settings section:
        1. Set Application ID and record the application ID for later use.
        2. Set Display Name to a unique name.
      Tokens section:
        1. Set Token Type to JwtRS256.
        2. Under Auth methods, make sure you select Client Creds.
      Scope section:
        1. Click Add.
        2. Copy and paste isp.audit.events:read in the Name field.
      Advanced section:
        Copy and paste the following script, and click Save.
        setClaim('tenant_id', TenantData.Get("CybrTenantID")); setClaim('aud', 'cyberark.isp.audit');
    3. Create a service user and associate it with the OAuth2 server.
      1. Go to Core Services > Users and click Add User.
      2. Set Login name, Email address, and Display name.
      3. Under Password Type, select Manual and set your password.
        Record the password for later use.
      4. In the Status section, select Is OAuth confidential client and then click Create User.
      5. On the Users screen, locate the service user and record the Login Name for later use.
      6. Click the service user, click Application Settings, select the OAuth2 server just created, and click Save.
      7. Enter a user name and click OK.
    4. Create a role and assign the role to the service user.
      1. Go to Core Services > Roles.
      2. Click Add Role, specify a unique name for the role, and click Save.
      3. Click Members, click Add, search for and select the service user just created, and click Add.
      4. Click Administrative Rights, click Add, locate and select the following administrative rights, and click Add.
        • Read Only Role Management
        • Read Only System Administration
        • Read Only User Management
        • Read permissions for Risk Management machine identities dashboards
        • Read permissions for Risk Management pCloud dashboard
        • Read-only for settings
        • Read-only for Threat Detection and Response monitoring
        • Read-only permission for the Domain customization in Administration space
        • Show Audit Service Tile
        • Show Export to SIEM in Administration space
      5. Click Save.
    5. Grant the service user permissions on the OAuth2 server.
      1. Go to Apps & Widgets > Web Apps.
      2. Locate and click the OAuth2 server you just created.
      3. Click the Permissions tab, click Add, search for and select the role assigned to the service user associated with the OAuth2 server, and then click Add.
      4. Select the permissions Run and Automatically Deploy.
      5. Click Save.
  3. Add a SIEM integration for Trend Vision One to access audit information.
    1. In the left panel, click the icon for selecting a service and choose Administration.
    2. Go to My environment > Integrations > Export to SIEM.
    3. Click Create and select Create SIEM integration.
    4. Enter a name for the SIEM integration.
    5. Click Apply.
      An API key is created.
    6. On the SIEM integrations screen, click More information on the SIEM integration just created.
    7. Under Step 2, copy and record the subdomain in the API base URL.
      For example, if the API base URL is https://example-subdomain.audit.cyberark.cloud, copy example-subdomain.
    8. Copy and record the API key for later use.
  4. Obtain the tenant ID from CyberArk Identity Security Platform.
    1. Click your user name in the upper right corner and click About.
    2. Copy and record the ID in the Identity section for later use.
  5. Configure CyberArk integration settings in Trend Vision One.
    1. In your Trend Vision One console, go to Workflow and Automation > Third-Party Integrations.
    2. Locate and click CyberArk.
    3. Click Add tenant.
    4. Configure permissions to sync your CyberArk data to Trend Vision One.
      Tenant ID: Paste the tenant ID you copied in step 4.
      Object data access section:
        OAuth2 client application ID: Paste the application ID you copied in step 1.
        OAuth2 client service user name: Paste the service user login name you copied in step 1.
        OAuth2 client service user password: Paste the service user password you copied in step 1.
      Audit information access section:
        OAuth2 server application ID: Paste the application ID you copied in step 2.
        OAuth2 server service user name: Paste the service user login name you copied in step 2.
        OAuth2 server service user password: Paste the service user password you copied in step 2.
        Subdomain in API base URL: Paste the subdomain you copied in step 3.
        SIEM integration API key: Paste the API key you copied in step 3.
    5. Click Save.
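A quick way to confirm that the OAuth2 server from step 2 is issuing tokens the way this procedure expects (JwtRS256, the aud and tenant_id claims set by the Advanced script, and the isp.audit.events:read scope) is to decode a token it returns and compare the claims. The script below is an added example, not Trend Micro or CyberArk code; it assumes the scope appears as a space-separated "scope" claim, and the sample tokens in it are constructed for offline use.

```python
import base64
import json

# Expected values taken from the OAuth2 server settings in step 2.
EXPECTED_ALG = "RS256"                    # Token Type: JwtRS256
EXPECTED_AUD = "cyberark.isp.audit"       # setClaim('aud', ...) in the Advanced script
EXPECTED_SCOPE = "isp.audit.events:read"  # scope name added under Scope


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_token(token: str) -> dict:
    """Parse the JWT header and payload WITHOUT verifying the signature.
    This is a configuration sanity check; signature verification against the
    tenant's signing keys is the consuming service's job, not this script's."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return {"header": json.loads(_b64url_decode(parts[0])),
            "payload": json.loads(_b64url_decode(parts[1]))}


def check_audit_token(token: str) -> list:
    """Return the list of mismatches against the step 2 settings (empty == OK)."""
    parsed = inspect_token(token)
    header, payload = parsed["header"], parsed["payload"]
    problems = []
    if header.get("alg") != EXPECTED_ALG:
        problems.append(f"alg is {header.get('alg')!r}, expected {EXPECTED_ALG!r}")
    aud = payload.get("aud")
    if EXPECTED_AUD not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud {aud!r} does not include {EXPECTED_AUD!r}")
    if not payload.get("tenant_id"):
        problems.append("tenant_id claim missing (Advanced script not applied?)")
    if EXPECTED_SCOPE not in str(payload.get("scope", "")).split():  # assumed claim layout
        problems.append(f"scope {payload.get('scope')!r} lacks {EXPECTED_SCOPE!r}")
    return problems


def _make_sample_token(header: dict, payload: dict) -> str:
    """Build a constructed sample JWT with a dummy signature (test data only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}.dummysig"


# Constructed sample tokens, not real CyberArk output.
GOOD_TOKEN = _make_sample_token({"alg": "RS256", "typ": "JWT"},
    {"aud": "cyberark.isp.audit", "tenant_id": "EXAMPLE-TENANT-ID", "scope": "isp.audit.events:read"})
BAD_TOKEN = _make_sample_token({"alg": "HS256", "typ": "JWT"},
    {"aud": "EXAMPLE-APP-ID", "scope": "read"})
```

Run check_audit_token against a token returned by the OAuth2 server; an empty list means the claims match the configuration, and each entry otherwise names the setting to revisit.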