Configure Endpoint Privilege Management

You can configure Privilege Management for Desktops to forward events to BeyondInsight. Before proceeding, make sure you have the appropriate license key for BeyondInsight and that you have installed all components for Privilege Management for Desktops and for BeyondInsight.

Generate a Certificate

Generate a client certificate using the BeyondInsight Configuration Tool. A certificate must be deployed to any asset where you capture events with Privilege Management for Desktops.

After you have generated a certificate, you can create an MSI certificate installation file. You can then set up a group policy with the MSI file and deploy the certificate to your Privilege Management for Desktops assets.

Do not generate a client certificate if one has already been created for BeyondTrust Discovery Scanner. You can use the existing client certificate for your Privilege Management for Desktops assets.

Any Privilege Management for Desktops asset to which the MSI is deployed via group policy must have the .NET Framework 4.7.2 prerequisite installed.

  1. Open the BeyondInsight Configuration Tool and select Certificate Management.
  2. Select Generate Certificate.
  3. Select Client Certificate.
  4. Enter a password.
  5. Click OK.

Create an MSI File

  1. Run the BeyondInsight Configuration Tool.
  2. Click Generate Certificate MSI.
  3. The certinstaller.msi is created in C:\Program Files (x86)\eEye Digital Security\Retina CS\Utilities\msi.

Configure Privilege Management for Desktops

Administrative Templates: Management

  1. Install the Privilege Management for Desktops components.
  2. Run the Group Policy Management Editor.
  3. Go to the Management folder in the Administrative Templates section.
  4. Set the following options.


| Setting | Description |
| --- | --- |
| Log events to BeyondInsight | Activates event forwarding to BeyondInsight. |
| Enable Asynchronous BeyondInsight Event Logging | Sends event logs to the System event log when BeyondInsight cannot process the events. |
| Configure the BeyondInsight Certificate Name | Sets the BeyondInsight certificate name, eEyeEmsClient. |
| Configure the BeyondInsight heartbeat interval | Configures a regular interval for sending heartbeat events that verify the connection between Endpoint Privilege Management and BeyondInsight (event ID 28701). The default interval is 360 minutes (6 hours). |
| Configure BeyondInsight to Store XML Events on Failure | Creates a path where the event data XML file is stored when the file cannot be sent to BeyondInsight. |
| Configure the BeyondInsight Web Service URL | Enter the URL for the BeyondInsight web service in the format https://example/EventService/Service.svc. |
| Configure the Endpoint Privilege Management Workgroup Name for BeyondInsight | Enter a workgroup name, needed for asset matching in BeyondInsight. |
| Enable BeyondInsight Trace Logging | Enable to create a trace log if events are not flowing correctly into BeyondInsight. |
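The following PowerShell script is an added example for verifying an endpoint after the policy above has applied; it is not part of this documentation or of BeyondTrust's tooling. It checks the four things that most often stop events from reaching BeyondInsight: the .NET Framework 4.7.2 prerequisite (Microsoft documents registry Release value 461808 as the 4.7.2 minimum), the eEyeEmsClient client certificate, TLS reachability of the web service URL, and whether a heartbeat event (ID 28701) has been logged within two heartbeat intervals. The certificate store (Cert:\LocalMachine\My) and the event logs searched for heartbeats (Application and System) are assumptions, since the page does not state where the MSI installs the certificate or where the agent writes heartbeats; the URL host "example" is the page's own placeholder.

```powershell
<#
  Added verification script (not BeyondTrust's own tooling).
  Run on a Privilege Management for Desktops endpoint after the
  "Management" group policy settings have applied.
  Items marked ASSUMPTION are not stated on the documentation page.
#>
param(
    # Same format as the "Configure the BeyondInsight Web Service URL" setting;
    # replace "example" with your BeyondInsight host.
    [string]$WebServiceUrl = 'https://example/EventService/Service.svc',
    # Name from the "Configure the BeyondInsight Certificate Name" setting.
    [string]$CertificateName = 'eEyeEmsClient',
    # Value from the "Configure the BeyondInsight heartbeat interval" setting.
    [int]$HeartbeatIntervalMinutes = 360
)

$results = [ordered]@{}

# 1. .NET Framework 4.7.2 prerequisite.
#    Microsoft documents Release >= 461808 under the v4 Full key as 4.7.2 or later.
$ndp = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
                        -ErrorAction SilentlyContinue
$results['DotNet472OrLater'] = ($null -ne $ndp) -and ($ndp.Release -ge 461808)

# 2. Client certificate present, unexpired, and usable (has a private key).
#    ASSUMPTION: the certificate MSI installs into the machine Personal store.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$CertificateName*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
$results['ClientCertPresent']       = $null -ne $cert
$results['ClientCertNotExpired']    = ($null -ne $cert) -and ($cert.NotAfter -gt (Get-Date))
$results['ClientCertHasPrivateKey'] = ($null -ne $cert) -and $cert.HasPrivateKey

# 3. Web service URL uses HTTPS and the host accepts TCP connections on its port.
#    This is connectivity only; the agent performs the client-certificate handshake.
$uri  = [Uri]$WebServiceUrl
$tcp  = Test-NetConnection -ComputerName $uri.Host -Port $uri.Port -WarningAction SilentlyContinue
$results['WebServiceUsesHttps']    = $uri.Scheme -eq 'https'
$results['WebServiceTcpReachable'] = $tcp.TcpTestSucceeded

# 4. Heartbeat event 28701 seen within the last two heartbeat intervals.
#    ASSUMPTION: heartbeats are written to the Application or System log; the page
#    only states that failed asynchronous delivery falls back to the System log.
$since      = (Get-Date).AddMinutes(-2 * $HeartbeatIntervalMinutes)
$heartbeats = @()
foreach ($log in 'Application', 'System') {
    $found = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 28701; StartTime = $since } `
                          -ErrorAction SilentlyContinue
    if ($found) { $heartbeats += @($found) }
}
$results['HeartbeatSeenRecently'] = $heartbeats.Count -gt 0

# Report: anything marked CHECK is a reason events may not be arriving,
# and a candidate for enabling "Enable BeyondInsight Trace Logging".
foreach ($entry in $results.GetEnumerator()) {
    '{0,-26} {1}' -f $entry.Key, $(if ($entry.Value) { 'OK' } else { 'CHECK' })
}
```

Run it in an elevated session, because reading the machine certificate store's private-key flag and the System log can require administrator rights. A failing certificate check after a group policy deployment usually means the MSI has not yet been applied to that asset; a failing heartbeat check with everything else passing is the case where the trace logging setting in the table above is the next step.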