Configure Endpoint Privilege Management Reporting in BeyondInsight

Once the Endpoint Privilege Management Reporting components have been installed, a BeyondInsight administrator must configure the Endpoint Privilege Management Reporting database, assign permissions to the users who need to access the reports, and configure the Endpoint Privilege Management Policy Editor to raise events in BeyondInsight, following the steps in the sections below.

Configure Endpoint Privilege Management Reporting Database in BeyondInsight

If you change your SQL Server port or Endpoint Privilege Management Reporting Database configuration, restart the Reporting Gateway service and Event Collector service to pick up the changes.

Named Instances

If using a named instance, the SQL Connection Options field must be used to supply a connection string to the PMR database.

If the SQL Server named instance is listening on a dynamic port, use the instance name in the connection string without a port number, because the port SQL Server is allocated can change when the instance restarts. The SQL Server Browser service must be running on the database server, and UDP port 1434 must be reachable from the host making the connection, so that the current port can be located.

Example connection string:

jdbc:jtds:sqlserver://SERVERNAME/BeyondTrustReporting;instance=INSTANCENAME

If the SQL Server named instance is listening on a static port, either the instance name can be used (with the SQL Server Browser Service running), or the port number can be supplied directly in the connection string.

Example:

jdbc:jtds:sqlserver://SERVERNAME:STATICPORTNUMBER/BeyondTrustReporting

If using an external BI Event Collector, it is recommended to use the Microsoft JDBC driver, as specified in the "SQL Connection Options" section, with either the instance name or the port number.

For more information about SQL Connection Options, see SQL Connection Options (Including SSL Configuration).
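The following PowerShell script is an added example; it is not part of this page or of BeyondTrust's own tooling. It asks the SQL Server Browser service which TCP port a named instance is currently using, checks that the port is reachable from the host running the script, and builds the jTDS and Microsoft JDBC connection strings shown above for either form. It assumes Windows PowerShell 5.1, UDP port 1434 open from this host to the database server, and the placeholder host name sqlhost.example.com and instance name PMR. The ssl and encrypt properties it appends are the drivers' documented options, added on the assumption that the session to the PMR database should be encrypted.

```powershell
# Added example (not BeyondTrust code). Assumptions: Windows PowerShell 5.1,
# UDP 1434 reachable from this host, placeholder host/instance names, and the
# page's example database name BeyondTrustReporting.

function Resolve-SqlBrowserPort {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$Instance,
        [int]$TimeoutMs = 3000
    )
    # SSRP CLNT_UCAST_INST request: 0x04, the instance name in ASCII, a terminating 0x00.
    $name    = [System.Text.Encoding]::ASCII.GetBytes($Instance)
    $request = New-Object byte[] ($name.Length + 2)
    $request[0] = 0x04
    [Array]::Copy($name, 0, $request, 1, $name.Length)

    $udp = New-Object System.Net.Sockets.UdpClient
    $udp.Client.ReceiveTimeout = $TimeoutMs
    try {
        [void]$udp.Send($request, $request.Length, $Server, 1434)
        $remote   = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
        $response = $udp.Receive([ref]$remote)
    }
    catch {
        throw "No SQL Browser reply from ${Server}:1434/udp (is the SQL Server Browser service running and the port open?): $($_.Exception.Message)"
    }
    finally { $udp.Close() }

    # SVR_RESP: 0x05, 2-byte little-endian length, then
    # "ServerName;HOST;InstanceName;NAME;IsClustered;No;Version;V;tcp;PORT;;"
    if ($response.Length -lt 3 -or $response[0] -ne 0x05) { throw 'Unexpected SSRP response.' }
    $len    = [Math]::Min([int][BitConverter]::ToUInt16($response, 1), $response.Length - 3)
    $fields = [System.Text.Encoding]::ASCII.GetString($response, 3, $len).TrimEnd(';').Split(';')
    $info   = @{}
    for ($i = 0; $i + 1 -lt $fields.Length; $i += 2) { $info[$fields[$i]] = $fields[$i + 1] }
    if (-not $info.ContainsKey('tcp')) {
        throw "Instance '$Instance' advertises no TCP endpoint; enable TCP/IP in SQL Server Network Configuration."
    }
    return [int]$info['tcp']
}

function New-PmrConnectionString {
    param(
        [Parameter(Mandatory)][string]$Server,
        [string]$Instance,
        [int]$Port,
        [string]$Database = 'BeyondTrustReporting',
        [ValidateSet('jtds', 'mssql')][string]$Driver = 'jtds'
    )
    # Instance name only (SQL Browser resolves the port), static port only, or both.
    if (-not $Instance -and -not $Port) { throw 'Supply -Instance, -Port, or both.' }
    if ($Driver -eq 'jtds') {
        $s = "jdbc:jtds:sqlserver://$Server"
        if ($Port)     { $s += ":$Port" }
        $s += "/$Database"
        if ($Instance) { $s += ";instance=$Instance" }
        # jTDS: ssl=require encrypts the session; ssl=authenticate also validates the certificate.
        return $s + ';ssl=require'
    }
    $s = "jdbc:sqlserver://$Server"
    if ($Instance) { $s += "\$Instance" }
    if ($Port)     { $s += ":$Port" }
    # Microsoft driver: encrypt and validate the server certificate rather than blindly trusting it.
    return $s + ";databaseName=$Database;encrypt=true;trustServerCertificate=false"
}

# Usage (placeholder values; replace with your own server and instance names).
$sqlHost = 'sqlhost.example.com'
$port    = Resolve-SqlBrowserPort -Server $sqlHost -Instance 'PMR'
"SQL Browser reports instance PMR on TCP port $port"
if (-not (Test-NetConnection -ComputerName $sqlHost -Port $port -InformationLevel Quiet)) {
    Write-Warning "TCP port $port on $sqlHost is not reachable from this host; check the firewall."
}
New-PmrConnectionString -Server $sqlHost -Instance 'PMR'                  # dynamic port, resolved by SQL Browser
New-PmrConnectionString -Server $sqlHost -Port $port                      # static port supplied directly
New-PmrConnectionString -Server $sqlHost -Instance 'PMR' -Driver mssql    # external BI Event Collector
```

The instance-name form only works while UDP 1434 stays open between the event collector and the database server; if the firewall closes it later, the collector loses the database even though nothing in BeyondInsight changed, which is the failure the static-port form avoids.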

Follow these steps to configure the Endpoint Privilege Management Reporting database in BI:

  1. Log in to the BI console and navigate to Configuration > Endpoint Privilege Management > Endpoint Privilege Management Reporting Database Configuration.

Endpoint Privilege Management Reporting Database Configuration in BeyondInsight

  2. Enter the database connection settings fields as follows:
    • Server: Enter the hostname or IP address of the database server where the PMR database was installed.

If using external event collector worker nodes, do not enter localhost even if the PMR database is hosted on the same server as the BI management server. On a worker node, localhost resolves to the worker node itself, so PMR events will not flow through these nodes to the PMR database unless the DNS hostname or IP address of the database server is used here.

    • Database Name: Enter the name of the PMR database specified when you ran the PMR database installer.
    • Report Reader SQL User: Enter the username of the report reader user specified when you ran the PMR database installer.
    • Report Reader SQL Password: Enter the password of the report reader user specified when you ran the PMR database installer.
    • Event Collector SQL User: Enter the username of the event collector user specified when you ran the PMR database installer.
    • Event Collector SQL Password: Enter the password of the event collector user specified when you ran the PMR database installer.
    • Reporting Gateway URL: Enter the server name where the reporting gateway service and PMR UI were installed. This can be set to localhost or 127.0.0.1. In some environments a proxy interferes with certificate validation for localhost; if so, use 127.0.0.1.
    • Reporting Gateway Port: Enter the port number on which the reporting gateway service serves the PMR UI. This can be left as the default in most cases.
    • Event Collector URL: Enter the server name where the event collector service was installed. This can be set to localhost or 127.0.0.1. In some environments a proxy interferes with certificate validation for localhost; if so, use 127.0.0.1.
    • Event Collector Port: Enter the port number on which the event collector service listens. This can be left as the default in most cases.
    • SQL Connection Options: This is an advanced setting that allows custom parameters to be appended to the SQL connection string for the PMR database, or the default driver used to connect to the PMR database to be changed.
  3. Click Test Connection to test the connection to the PMR database.
  4. Click Update Settings.
  5. Restart the following services:
    • BeyondTrust EPM Event Collector Service
    • BeyondTrust EPM Reporting Gateway Service
    • BeyondTrust EPM Web Policy Editor Service
  6. From the left navigation in the BI console, verify that Reports is now listed under Endpoint Privilege Management.
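The PowerShell script below is an added example, not part of this page or of BeyondTrust's tooling. It covers the checks a practitioner would want after Update Settings: that each of the two SQL accounts entered in the form can actually open the PMR database, whether each holds INSERT on it (the event collector writes events and needs it; the report reader only reads and should not), and that the three EPM services restart cleanly. It assumes Windows PowerShell 5.1 with System.Data.SqlClient, SQL authentication for both accounts, the service display names listed above, and placeholder server and database values that you replace with your own.

```powershell
# Added example (not BeyondTrust code). Assumptions: Windows PowerShell 5.1,
# SQL authentication, the EPM service display names from this page, and the
# placeholder server/database below.

$SqlServer = 'sqlhost.example.com,1433'    # host,port  or  host\instance
$Database  = 'BeyondTrustReporting'

function Test-PmrSqlLogin {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$Database,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    $b = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $b.DataSource     = $Server
    $b.InitialCatalog = $Database
    $b.UserID         = $Credential.UserName
    $b.Password       = $Credential.GetNetworkCredential().Password
    $b.Encrypt        = $true          # encrypt the test session, as the SSL connection options do
    $b.ConnectTimeout = 10
    $conn = New-Object System.Data.SqlClient.SqlConnection($b.ConnectionString)
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        # 1 if this login holds INSERT on the database (directly or via a role), else 0.
        $cmd.CommandText = "SELECT HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'INSERT')"
        $r = $cmd.ExecuteScalar()
        [pscustomobject]@{ User = $Credential.UserName; Connected = $true
                           CanInsert = (($r -is [int]) -and ($r -eq 1)); Error = $null }
    }
    catch {
        [pscustomobject]@{ User = $Credential.UserName; Connected = $false
                           CanInsert = $null; Error = $_.Exception.Message }
    }
    finally { $conn.Dispose() }
}

function Restart-EpmReportingService {
    $displayNames = 'BeyondTrust EPM Event Collector Service',
                    'BeyondTrust EPM Reporting Gateway Service',
                    'BeyondTrust EPM Web Policy Editor Service'
    foreach ($dn in $displayNames) {
        $svc = Get-Service -DisplayName $dn -ErrorAction SilentlyContinue
        if (-not $svc) { Write-Warning "Service '$dn' not found on this host"; continue }
        Restart-Service -InputObject $svc -Force
        $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
        '{0}: {1}' -f $dn, (Get-Service -Name $svc.Name).Status
    }
}

# Usage: prompt for the two accounts from the form, test them, then restart.
$reader    = Get-Credential -Message 'Report Reader SQL User'
$collector = Get-Credential -Message 'Event Collector SQL User'
$results   = foreach ($c in @($reader, $collector)) {
    Test-PmrSqlLogin -Server $SqlServer -Database $Database -Credential $c
}
$results | Format-Table -AutoSize
if ($results | Where-Object { $_.User -eq $reader.UserName -and $_.CanInsert }) {
    Write-Warning 'The report reader login can INSERT into the PMR database; it only needs read access.'
}
if ($results | Where-Object { $_.User -eq $collector.UserName -and -not $_.CanInsert }) {
    Write-Warning 'The event collector login cannot INSERT into the PMR database; events will not be stored.'
}
if (-not ($results | Where-Object { -not $_.Connected })) {
    Restart-EpmReportingService
} else {
    Write-Warning 'Fix the failing SQL login before restarting the services.'
}
```

Test Connection in the console only proves the BI management server can reach the database; running this from an external event collector worker node also proves the path that node will use, which is where a localhost entry in the Server field fails.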

For more information on SQL connection options, see Configure Advanced SQL and Event Collector Settings for PMR in BI Integration.

Assign Permissions to Users to Access Reports in BeyondInsight

To view Endpoint Privilege Management Reporting in BI, the user must belong to a user group that has (at a minimum) the following permissions set:

  • Management Console Access (Read Only permission)
  • Endpoint Privilege Management - Reporting (Read Only permission)

To use the Add to Policy functionality in PMR, the user must belong to a user group that has (at a minimum) the following permissions set:

  • Endpoint Privilege Management (Read Only permission)
  • Endpoint Privilege Management - Policy Editor (Full Control permission)

If the user has only Read Only permissions, the Add to Policy button is not displayed in BI.

For more information on how to set up users, groups, and assign feature permissions in BeyondInsight, see "Role-Based Access" in the BeyondInsight User Guide.

Configure Endpoint Privilege Management Policy Editor to Raise Events in BI

  1. From the left navigation in the BI console, under Endpoint Privilege Management, click Policies.
  2. Create a new policy or edit an existing policy:
    • To create a new policy:
      • Click Create Policy above the grid.
      • Enter a name for the policy and select the appropriate workgroup from the dropdown.
      • Click Create Policy.
      • Select a template and continue to step 3.
    • To edit an existing policy:
      • Click the vertical ellipsis for the policy.
      • Select Edit & Lock Policy and continue to step 3.
  3. Create a workstyle or edit an existing workstyle:
    • To create a new workstyle:
      • Click Create New Workstyle above the grid.
      • Enter a name and description for the workstyle.
      • Click the toggle to enable the workstyle.
      • Click Create Workstyle.
      • From the left navigation, expand Workstyles.
      • Expand the newly created workstyle.
      • Click Application Rules and continue to step 4.
    • To edit an existing workstyle:
      • From the left navigation, expand Workstyles.
      • Expand the desired workstyle.
      • Click Application Rules and continue to step 4.

Reporting Options when editing an Application Rule in a Workstyle for an Endpoint Privilege Management Policy

  1. Create or edit an application rule, and at the bottom of the Application Rule panel, set the following:
    • Under Auditing, set Raise a Local Event to On.
    • Under Reporting Options, toggle the options to enable them. The options are:
      • BeyondInsight Events: Enable this option to configure endpoint clients to raise events which can be viewed from the Endpoint Privilege Management Events grid in BI and in reports in BeyondInsight Analytics & Reporting in the Endpoint Privilege Management folder.
      • Reporting Events: Enable this option to configure endpoint clients to raise events which can be viewed from the Endpoint Privilege Management Reporting page in BI. To view these reports in BI:
        • From the left navigation, click Menu, and then click Reports under Endpoint Privilege Management.

We recommend using the Reporting Events option, because PMR events contain more detail and PMR provides advanced functionality such as Add to Policy, which is a convenient way to add applications to Endpoint Privilege Management policies. Enabling both reporting options places a greater load on the server, and additional resources may be required to handle it.

You must enable reporting options for every application rule for which you want to raise events.

For more information on how to install and configure the BeyondTrust Endpoint Privilege Management for Windows clients in your BeyondInsight instance, see Configure BeyondInsight and Endpoint Privilege Management.