Symantec Privileged Access Management

  • 1.  How to know Device ID on Threat Analytics

    Posted Dec 31, 2018 12:06 AM

    Hai All,

     

    we have TA on our environment. 

    I would like to know how I can understand the Device on on "Title" Tab

    I believe this Device title is device that user login to TA. but how can I know my Device title on my laptop ?

     

    and why TA read Device ID that user hardly understand instead of using hostname 

    Device ID

     

     

     

    Thanks

    Yoga



  • 2.  Re: How to know Device ID on Threat Analytics
    Best Answer

    Broadcom Employee
    Posted Jan 04, 2019 10:52 AM

    Hello Yoga,

    I agree with your concern - I suggest you open an Idea in this Community for consideration by Product Management to have this changed in a future Product release



  • 3.  Re: How to know Device ID on Threat Analytics

    Posted Jan 04, 2019 11:40 AM

    I have a partial answer for you, after speaking with Product Management for Threat Analytics:

     

    The device identifier used and displayed by TAP are actually created by PAM. The TAP system just displays what PAM sends.

     

    He believes that the identifiers are created by PAM using an algorithm designed to work for any/all devices (i.e., it does not rely on a computer name or other OS level characteristic that may not always be available). A primary requirement was that the algorithm ensures that devices each get a unique identifier.

     

    I still do not know how to correlate this identifier to a real device.  I've reached out to PAM Engineering for an explanation for the reasoning behind the naming of the devices you see listed.  I will pass it along as soon as I receive the response.



  • 4.  Re: How to know Device ID on Threat Analytics

    Posted Jan 05, 2019 12:39 AM

    Hai Voged and Andreas,

     

    Thanks again for replying.

     

    Yes this is quite confusing to read. some of the Threat Anaytics information is not realy readable by novice user and also I can not find out any of Documentation related to Threat Analytics Function and Features Explanation except only this litle documentation from CA PAM docops Integrate with CA Threat Analytics - CA Privileged Access Manager - 3.2.3 - CA Technologies Documentation . can you guys inform to Product Development of TA to posted official documentation of TA.on Docops.  since I have lot's of question and need to understand about this product. 

     

    and Looking forward to your feedback from PAM Engineering voged01/

     

    Thanks

    Yoga



  • 5.  Re: How to know Device ID on Threat Analytics

    Posted Jan 07, 2019 01:40 PM

    I spoke with an engineer about this.  The name is a unique identifier for the device from which the user connected to PAM, with either the PAM Client or a browser.  It is intended to be difficult to identify, in order to prevent someone from counterfeiting data sent to Threat Analytics.  There are several fields that PAM sends to Threat Analytics that help to identify the device.  One is the Operating System, which you can see on the Device page.  One more field is the IP address, which you can see when you click on the device identifier.  Some of the other pieces of human readable data to let you understand where the information comes from are as follows:

    s.userID AS userId,

    s.remote_addr AS remoteIpAddress,

    s.private_addr AS privateIpAddress,

    s.public_addr AS publicIpAddress,

    s.machineID as machineId,

    s.os AS clientOs, s.version,

    s.u_name AS sessionUserName.

     

    I am not sure where each of these may be found, or if they all can be.  If you need anything further I will reach out to the Threat Analytics team and will ask for their help.