How Does Securonix Integrate with Sailpoint ?

asked 15 Oct '14, 09:59

mnair's gravatar image

mnair
71149
accept rate: 9%


Securonix has out of the box ability to integrate with Sailpoint.

To source information for Sailpoint, it is important to understand how Sailpoint stores entitlements in its table. As of today, Sailpoint stores entitlements in xml format in its tables. Once it correlates an account to an identify, the link between the 2 is stored in the links table.

The queries listed below should help identify the different account and the entitlements for the account for that specific application

Query to view account and entitlement names in Sailpoint select grp.native_identity, grp.attributes from spt_entitlement_group grp,spt_application app where app.id = grp.application and app.name='[App Name]'

The different application present in Sailpoint can be identified using the query below Select * from spt_application.

To Make sure that the application has the latest ResourceParsers for it : Run the query below on your DB

ALTER TABLE configresourceparsers CHANGE COLUMN id id BIGINT(20) NOT NULL AUTO_INCREMENT ; delete from configresourceparsers where resourcetype = 'Sailpoint';

INSERT INTO configresourceparsers (vendor, Functionality, Description, resourcetype, resourcetypeid, configxml, attributexml, valid, resourceimportxml, userconfigxml, accessconfigxml, accessattributexml, accessrulesxml, threatconfigxml, uiconfigxml, policyxml, bprofilexml) VALUES
(NULL, NULL, NULL, 'Sailpoint', null, NULL, NULL, 0, '<?xml version="1.0" encoding="UTF-8"?><resourceimportxml><querystructure>select grp.native_identity, grp.attributes from spt_entitlement_group grp,spt_application app where app.id = grp.application and app.name=$[APPNAME]</querystructure><fieldmappings><mapping><key>accountName</key><value>native_identity</value></mapping><mapping><key>attributeXml</key><value>attributes</value></mapping></fieldmappings></resourceimportxml>', NULL, '<?xml version="1.0" encoding="UTF-8" standalone="no"?>\r\n<resources>\r\n <resource batchsize="1000" datasource="SailPointConnection_ACCESS" delimiter="," headerpresent="false" multiplelineaccounts="false" name="USail" postfix="" prefix="Sailpoint" type="sailpoint">\r\n <fieldmapping>\r\n <field multivalue="false" multivaluedelimiter="" name="accountName" position="1" useasaccountname="true" useasresourcename="false"/>\r\n <field multivalue="true" multivaluedelimiter=";" name="attributes" position="2" useasaccountname="false" useasresourcename="false"/>\r\n </fieldmapping>\r\n </resource>\r\n</resources>\r\n', '<?xml version="1.0" encoding="UTF-8" standalone="no"?>\r\n<attributes>\r\n <attribute attribute="accountName" description="" mappedattribute="accessvaluel1" useinoutlierdetection="false"/>\r\n <attribute attribute="attributes" description="" mappedattribute="accessvaluel1" useinoutlierdetection="false"/>\r\n</attributes>\r\n', '<?xml version="1.0" encoding="UTF-8" standalone="no"?>\r\n<rules>\r\n <applications>\r\n <application prioritizerules="false" appname="USail" forcesuggestedmatch="false" processunmatchedrecords="true" providesuggestedmatches="false">\r\n <uniquefield resourceattributename="accountName" weight="0.0">\r\n <correlationrules>\r\n <correlationrule name="cr">\r\n <conditions operationname="concat">\r\n <operands>\r\n <operand charfromleft="0" charfromright="0" isfixed="false" isfromidentity="false" name="employeeid" postfix="" prefix="" separator="" substringfrom="0" substringto="0"/>\r\n </operands>\r\n </conditions>\r\n </correlationrule>\r\n </correlationrules>\r\n </uniquefield>\r\n </application>\r\n </applications>\r\n</rules>\r\n', NULL, NULL, NULL, NULL); ALTER TABLE configresourceparsers CHANGE COLUMN id id BIGINT(20) NOT NULL ;

Notify the product team if you update any of the parsers out of the box

Step 1: Identifying the application to bring into Securonix from Sailpoint

Identify the application of interest by using the query Select * from sti_application.

Note the application name from Sailpoint from the results of the query.

Step2: Creating Datasources within Securonix Follow hte path Configure > Tasks > Actions > Import > Access Entitlements Add a new Data source Provide the name of the application as is from Sailpoint.

Step 3: Make sure the Device type selected is Sailpoint

Step 4: Create a new connection type under Access Connection Details Create a new connection The connectionType will be sailpoint The DB Type is mySQL : Provide the jdbc url , and connection credentials Step 5: Click Save and next and review the attributes for Sail point created Securonix creates 2 attributes - the account name and attributes Step 6: Click Save and next and proceed to add additional graphs as per requirement

We have added a new Datasource which is present in Sailpoint into Securonix. We can now pull in data from Sailpoint into Securonix.

Step 7 : Sourcing Access entitlements Once a new datasource is added, Securonix will redirect you to the screen to source in entitlements as any other access import. Clicking on next will take you to the mapping of the attributes

The attributes column is multivalues as a single account can have multiple entitlement. Change the seperator to a ";" from a "," .

Step 8: Specifiy correlation rules You can specify a correlation rule under "Add Correlation Rule" to correlate the account with the identities in Securonix.

Step 9: Fire Import Click save and next , provide a job name and fire the import.

The entitlements from Sailpoint will be sourced into Securonix.

Things to note:

Sometime the Name_Identity column in Sailpoint will have a full DN instead as the account name used. They additionally store a different name for the display. In such scenario.. use the query below

select grp.display_name, grp.attributes from spt_entitlement_group grp,spt_application app where app.id = grp.application

link

answered 15 Oct '14, 10:30

mnair's gravatar image

mnair
71149
accept rate: 9%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×3
×1

Asked: 15 Oct '14, 09:59

Seen: 8,139 times

Last updated: 15 Oct '14, 10:30