Symantec Privileged Access Management

  • Private Community

  • 1.  CA Threat analytics location configuration

    Posted Feb 07, 2019 12:49 AM

    Hi Team,

    I have done the CA Threat  analytics integration with CA PAM. I am able to analyze all user activities in Threat analytics console. All the risk levels also i am getting correctly. But i am not getting the location values from which users has logged in. 

    Please share any configuration steps for how to get location values in Threat analytics console.

     

    Version: 2.2.1



  • 2.  Re: CA Threat analytics location configuration

    Broadcom Employee
    Posted Feb 07, 2019 10:48 AM

    Hi Bhumesh,

    Could you look at this post in Communities:   How to know Device ID on Threat Analytics 

    And let me know if that is similar to your question about location?

    Thanks,

    Margaret



  • 3.  Re: CA Threat analytics location configuration

    Broadcom Employee
    Posted Feb 07, 2019 06:21 PM

    There is also a knowledge doc on this.

    TAP can only determine a geolocation for IP addresses that are routable. That means the IP addresses visible to PAM/TAP cannot be in one of the 'reserved' blocks set aside for internal and test use. (i.e., these non-routable address ranges are 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255 ) . If the PAM user login from an IP address other than the mentioned above, Threat Analytics for PAM can display the geolocation. Otherwise, it is normal to not see any geolocation information.

     

    I see that you have also opened a support case on this question.