SecurityIQ: Extending the SecurityIQ Identity Collector with IdentityIQ User Data
SecurityIQ Version: 5.0, 5.0p1
IdentityIQ Version: 7.1p1
A guide on how to extend an existing identity collector with user information stored in the IdentityIQ database.
Identity Collector Extension
A setup guide for leveraging IdentityIQ user information in SecurityIQ by extending the SecurityIQ Identity Collector with IdentityIQ database information.
- Define the Data Source
- Configure the Identity Collector to join data sources
- Map the fields
- Run Identity Collector Task and Test
Defining the Data Source
MySQL IdentityIQ Database
If your IdentityIQ Database is a MySQL DB, you must first create an ODBC System data source since there is no MySQL Type available in the Data Source Wizard setup. Otherwise, skip to the “Defining the Data Source in the SecurityIQ Admin client” section.
ODBC System Data Source
Using the ODBC Data Source Administrator, select the System DSN tab and click “Add…”. Select the appropriate driver and fill out the connection parameters.
Defining the Data Source in the SecurityIQ Admin client
To access the Data Source Wizard, navigate to: Systems -> Data Sources -> New
Give the data source a name and select the appropriate data source type, then click “Next”.
Fill in the needed parameters. Enter the database query for the fields in the spt_identity table of the identityiq database. The fields are specific to the connector type. Below are some examples:
[Screenshots: ODBC DB Source, Oracle DB Source, SQL Server Source]
Next, click “Test” to confirm the connection and query results. Finally, click “Finish” to save and exit.
(Do not join the data with another source at this time.)
Configuring the Identity Collector
Joining the Data Sources
To access the Identity Collector Configuration Wizard, navigate to: Applications -> Permissions Management -> Identity Collector. Right-click the existing Identity Collector and choose “edit”.
Within the configuration wizard, choose the Identity Collector Section and click “Next” until you reach the “Identity Collector: Users Collection (3 of 5)” page.
Next, choose the data source we created in the previous section of this document from the drop-down menu. For the local key, choose sAMAccountName, the unique user identifier used by SecurityIQ. For the Remote Key, choose ‘name’ from the drop-down menu.
‘sAMAccountName’ <-> ‘name’ is the mapping used to match the users in SecurityIQ with the users in the remote database (IdentityIQ).
Test the Data Source and click ‘Next’.
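A pre-join check for the ‘sAMAccountName’ <-> ‘name’ mapping described above, as an added example that is not part of the original guide or of SailPoint's tooling. It runs a query that selects explicit columns over a constructed stand-in for spt_identity and reports missing, duplicate, and unmatched keys. The column names other than name, the sample rows, and the case-insensitive comparison are assumptions.

```python
import sqlite3
from collections import Counter

# Query in the style entered in the Data Source Wizard: explicit columns only,
# so sensitive columns are never pulled into SecurityIQ.
# Column names other than `name` are assumptions about the spt_identity schema.
IIQ_QUERY = "SELECT name, firstname, lastname, email FROM spt_identity"

def build_sample_db():
    """Constructed stand-in for the identityiq database (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE spt_identity "
               "(name TEXT, firstname TEXT, lastname TEXT, email TEXT, password TEXT)")
    db.executemany("INSERT INTO spt_identity VALUES (?,?,?,?,?)", [
        ("jsmith", "John", "Smith", "jsmith@example.com", "x"),
        ("JSmith", "Jane", "Smith", "jane.smith@example.com", "x"),
        ("adoe", "Alice", "Doe", "adoe@example.com", "x"),
        ("svc_backup", None, None, None, "x"),
        (None, "No", "Key", "nokey@example.com", "x"),
    ])
    return db

def check_join_keys(db, sam_account_names):
    """Report rows that would make the sAMAccountName <-> name join ambiguous or empty."""
    rows = db.execute(IIQ_QUERY).fetchall()
    keys = [r[0] for r in rows]
    missing = sum(1 for k in keys if not k)
    # Assumption: keys are compared case-insensitively, as sAMAccountName is in AD.
    folded = Counter(k.casefold() for k in keys if k)
    directory = {s.casefold() for s in sam_account_names}
    return {
        "rows": len(rows),
        "missing_key": missing,
        "duplicate_keys": sorted(k for k, n in folded.items() if n > 1),
        "iiq_only": sorted(k for k in folded if k not in directory),
        "directory_only": sorted(directory - set(folded)),
    }

if __name__ == "__main__":
    # Constructed sAMAccountName values standing in for the SecurityIQ side.
    report = check_join_keys(build_sample_db(), ["jsmith", "adoe", "bwayne"])
    for item, value in report.items():
        print(f"{item}: {value}")
```

A duplicate or missing key means IdentityIQ attributes could attach to the wrong SecurityIQ user or to none, so resolve those rows before mapping fields.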
Mapping the Fields
On the ‘User Collection (4 of 5)’ page, create and map the fields in SecurityIQ to the fields from the IdentityIQ data source. Click “(Create a new Field)” and name the new SecurityIQ field. It is best practice to append “- IIQ” to the name so that the information source is easily identifiable. Select the type of information the field holds, i.e. what, who, where.
Next, choose the field you just created from the dropdown menu as well as the corresponding IdentityIQ data source field. Click the “+” button to add additional fields. Click “Finish” to save and close.
Run Task and Test
Navigate to System->Scheduled Task, right-click and run the ‘Identity Collector’ task.
Once the task is complete, navigate to Permissions->Identities and Permissions Forensics. In the Query Builder choose an ‘Identities’ Query Type with a “Who” question type. If the Identity Collector extension was successful, the newly extended attributes will be options in the drop-down menu as well as visible in query results.