SecurityIQ: Extending the SecurityIQ Identity Collector with IdentityIQ User Data

SecurityIQ Version: 5.0, 5.0p1

IdentityIQ Version: 7.1p1

A guide on how to extend an existing identity collector with user information stored in the IdentityIQ database.

Identity Collector Extension

A setup guide for leveraging IdentityIQ user information in SecurityIQ by extending the SecurityIQ Identity Collector with IdentityIQ database information.

Steps overview:

  • Define the Data Source
  • Configure the Identity Collector to join data sources
  • Map the fields
  • Run Identity Collector Task and Test

Defining the Data Source

MySQL IdentityIQ Database

If your IdentityIQ Database is a MySQL DB, you must first create an ODBC System data source since there is no MySQL Type available in the Data Source Wizard setup. Otherwise, skip to the “Defining the Data Source in the SecurityIQ Admin client” section.

ODBC System Data Source

Using the ODBC Data Source Administrator, select the System DSN tab and click “Add…”, then select the appropriate driver and fill out the connection parameters.

Defining the Data Source in the SecurityIQ Admin client

To access the Data Source Wizard, navigate to: Systems -> Data Sources -> New

Give the data source a name and select the appropriate data source type, then click “Next”.

Fill in the needed parameters. Enter the database query for the fields in the spt_identity table of the identityiq database. The fields are connector type specific. Below are some examples:

[Screenshots: ODBC DB Source, Oracle DB Source, SQL Server Source]

Next, click “Test” to confirm the connection and query results. Finally, click “Finish” to save and exit.

(Do not join the data with another source at this time.)

Configuring the Identity Collector

Joining the Data Sources

To access the Identity Collector Configuration Wizard, navigate to: Applications -> Permissions Management -> Identity Collector. Right-click the existing Identity Collector and choose “edit”.

Within the configuration wizard, choose the Identity Collector Section and click “Next” until you reach the “Identity Collector: Users Collection (3 of 5)” page.

Next, choose the data source we created in the previous section of this document from the drop-down menu. For the local key, choose sAMAccountName, the unique user identifier used by SecurityIQ. For the Remote Key, choose ‘name’ from the drop-down menu.

‘sAMAccountName’ <-> ‘name’ is the mapping used to match the users in SecurityIQ with the users in the remote database (IdentityIQ).

Test the Data Source and click ‘Next’.
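
As an added example (not part of the original guide and not SailPoint's own code), the SQL below shows one form the data source query can take, plus two checks to run against the IdentityIQ database before relying on the ‘name’ join key chosen above. Column names other than ‘name’ are assumed from the stock IdentityIQ schema, and the unqualified table name assumes the connection already points at the identityiq database.

```sql
-- Added example (constructed). Assumption: stock IdentityIQ column names on
-- spt_identity; schema qualification and the columns you need are site-specific.

-- 1. Data source query: list the columns explicitly instead of SELECT *,
--    so SecurityIQ receives only the attributes that will be mapped.
--    'name' must be present because it is the remote join key.
SELECT name,
       display_name,
       firstname,
       lastname,
       email,
       inactive
FROM   spt_identity;

-- 2. Pre-flight: join keys that differ only by letter case. Each row returned
--    is a key that could match a single sAMAccountName more than once.
SELECT LOWER(name) AS join_key,
       COUNT(*)    AS identities
FROM   spt_identity
GROUP  BY LOWER(name)
HAVING COUNT(*) > 1;

-- 3. Pre-flight: how well populated the attributes to be mapped are.
--    COUNT(column) skips NULLs, so the gap between total and each count
--    is the number of users whose new "- IIQ" field would be empty.
SELECT COUNT(*)            AS total_identities,
       COUNT(display_name) AS with_display_name,
       COUNT(email)        AS with_email
FROM   spt_identity;
```

Only the first statement goes into the Data Source Wizard; the other two are run once from a database client, ideally with a read-only account.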

Mapping the Fields

On the ‘User Collection (4 of 5)’ page, create and map the fields in SecurityIQ to the fields from the IdentityIQ data source. Click “(Create a new Field)” and name the new SecurityIQ field. It is best practice to append “- IIQ” to the name so that the information source is easily identifiable. Select the type of information the field holds, i.e. what, who, where.

Next, choose the field you just created from the dropdown menu as well as the corresponding IdentityIQ data source field. Click the “+” button to add additional fields. Click “Finish” to save and close.

Run Task and Test

Navigate to System->Scheduled Task, then right-click and run the ‘Identity Collector’ task.

Once the task is complete, navigate to Permissions->Identities and Permissions Forensics. In the Query Builder choose an ‘Identities’ Query Type with a “Who” question type. If the Identity Collector extension was successful, the newly extended attributes will be options in the drop-down menu as well as visible in query results.

Version history: Revision 1 of 1. Last update: Aug 07, 2017 06:00 PM