Kelly Wong

Tech Tip - CA Privileged Access Manager: Setup CA Threat Analytics Server with CA PAM

Blog Post created by Kelly Wong on Apr 21, 2017

CA Privileged Access Manager Tech Tip by Kelly Wong, Principal Support Engineer for 21st April 2017

 

This document provides the steps needed to integrate CA Threat Analytics 2.0.2 with CA Privileged Access Manager 2.8.1.

 

  1. CA PAM: Config >> Security
    Enable External REST API

  2. CA PAM: Credential Manager >> Targets >> Accounts
    Verify that CATapApiUser-x is listed and note down its password.
  3. CA Threat Analytics Engine (https://<TA_IP>)
    Configure CA Threat Analytics Engine to use the CA Privileged Access Manager adapter.
    Log in to CA Threat Analytics Engine [admin/ P@ssword1234]

    Navigate to Services and select “CA PAM”

    Navigate to the Configuration tab. Enter the CATapApiUser-x password, confirm that the test is successful, and save the configuration.
  4. CA Threat Analytics Engine
    Generate an API Auth Token.
    Navigate to Services, select “CA PAM” and navigate to the Auth Tokens tab. Click “new Auth Token”.

    Download the auth token
  5. CA PAM: Config >> CA Modules
    Specify the CA Threat Analytics service that receives the CA Privileged Access Manager usage data for processing.
    Save and Test the connection




  6. CA PAM: Config >> Security
    Setup SAML authentication from CA PAM to CA Threat Analytics.
    Enable IdP



    Set the Entity ID, Fully Qualified Hostname, Signature Algorithm and the IdP Certificate. Update the IdP Configuration and download the IdP Metadata.
  7. CA Threat Analytics Administrative Application (https://<TA_IP>:3000)
    Setup SAML authentication from CA Threat Analytics to CA PAM.
    Log in to CA Threat Analytics Administrative Application [admin/ P@ssword1234]

    Navigate to Security

    Select ‘SAML’ for Authentication Mode, select the SAML Metadata File downloaded in Step 6, define the domain name/ IP address of the TAP server and save

  8. CA Threat Analytics Administrative Application
    Restart Threat Analytics Engine and PostgreSQL Database services
  9. CA PAM
    Access CA Threat Analytics Engine via the “punch-through” CA Threat Analytics icon on the dashboard

 

Troubleshooting

 

Error: Service Configuration parameters are incorrect!

Resolution: Ensure that the correct details are defined in CA Threat Analytics Engine and that the CATapApiUser-x account’s status is Enabled in CA PAM.

 

 

Error: SAML 2 SSO profile is not configured for relying party https://<IP_or_FQDN>

Resolution: The Threat Analytics Address defined in CA PAM: Config >> CA Modules is automatically reflected as the SAML Entity ID in the TCP/UDP Service named ‘TAP-SAML-Service’. Ensure that this value matches the FQDN/IP associated with the Assertion Consumer Service URL in CA Threat Analytics Administrative Application: Security.

 

Note: Any change made to the security settings in CA Threat Analytics Administrative Application requires a restart of the Threat Analytics Engine.
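
A pre-flight check for the SAML values in Steps 6 and 7 and for the relying-party error above, written in Python as an added example (not part of the original post and not CA tooling). It assumes the file downloaded in Step 6 is standard SAML 2.0 metadata; the host names, the ACS path and the function names are constructed for illustration.

```python
# Added example: sanity-check the IdP metadata and the relying-party host match.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample (placeholder host and certificate) standing in for the
# IdP metadata file downloaded from CA PAM in Step 6.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor entityID="pam.example.test"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://pam.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_idp_metadata(xml_text):
    """Return entity ID, SSO endpoints and whether a signing cert is present."""
    root = ET.fromstring(xml_text)
    idp = root.find(MD + "IDPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or idp is None:
        raise ValueError("not SAML 2.0 IdP metadata")
    certs = [k for k in idp.findall(MD + "KeyDescriptor")
             if k.get("use") in (None, "signing")
             and k.find(".//" + DS + "X509Certificate") is not None]
    return {
        "entity_id": root.get("entityID"),
        "sso_locations": [s.get("Location") for s in idp.findall(MD + "SingleSignOnService")],
        "has_signing_cert": bool(certs),
    }

def host_of(value):
    """Lower-cased host from a URL or a bare host/IP (port and path ignored)."""
    parts = urlsplit(value if "://" in value else "//" + value)
    return (parts.hostname or "").lower()

def relying_party_matches(ta_address, acs_url):
    """True when PAM's Threat Analytics Address and TA's ACS URL share a host."""
    return host_of(ta_address) != "" and host_of(ta_address) == host_of(acs_url)
```

An IP address in CA PAM paired with an FQDN in the ACS URL (or the reverse) fails the comparison even when both resolve to the same server, which is the mismatch the resolution above describes.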

 



 
