11.2 Integrating with Identity Management Solutions

Change Guardian provides an integration framework for AD or IDM to track identities of each user account and what events those identities have performed.

This integration provides functionality on several levels:

  • The People Browser provides the ability to look up the following information about a user:

    • Contact information

    • Accounts associated with that user

    • Most recent authentication events

    • Most recent access events

    • Most recent permissions changes

  • Reports and Correlation rules provide an integrated view of a user's true identity, even across multiple systems on which the user has separate accounts. For example, accounts like COMPANY\testuser; > cn=testuser,ou=engineering,o=company, and TUser@company.com can be mapped to the actual person who owns the accounts.

By displaying information about the people initiating a given action or people affected by an action, incident response times are improved and behavior-based analysis is enabled.

NOTE:Only administrators can integrate Change Guardian with identity management systems.

11.2.1 Integrating with Active Directory

Integrating AD with Change Guardian provides user information from AD and user mapping with associated incoming events. For more information, see Configuring LDAP for AD Browsing.

To view identity information and view the recent activities of a user, see Viewing Identity Data.

11.2.2 Integration with Identity Manager

If you have Identity Manager installed, you can use Change Guardian with Identity Manager to view user identity details of events. You must have the View People Browser permission to view identity details

To view user identity details:

  1. Perform a search, and refine the search results as needed.

  2. In the search results, select the events for which you want to view the identity details.

  3. Click Event operations > Show identity details.

  4. Select whether you want to view the identity of the Initiator user, the Target user, or both.

For more information about integrating identity information with Change Guardian events, see Integrating Identity Information in the Sentinel Administration Guide.

11.2.3 Searching and Viewing Identity Information

To search and view identity information, see Searching and Viewing User Identities.