Configure BeyondTrust Privileged Remote Access for Integration

Several configuration changes are necessary on the BeyondTrust Appliance B Series. You must make the changes for each B Series Appliance configured in the application's configuration file.

All of the steps in this section take place in the BeyondTrust /login administrative interface. Access your BeyondTrust interface by going to the hostname of your B Series Appliance followed by /login, for example: https://access.example.com/login.

Verify the API is Enabled

This integration requires the BeyondTrust XML API to be enabled. This feature is used by the BeyondTrust Middleware Engine to communicate with the BeyondTrust APIs.

Go to /login > Management > API Configuration and verify that Enable XML API is checked.

Create an OAuth API Account

The SIEM Tool API account is used from within SIEM Tool to make Privileged Remote Access Command API calls to Privileged Remote Access.


  1. In /login, navigate to Management > API Configuration.
  2. Click Add.

 


  1. Check Enabled.
  2. Enter a name for the account.
  3. The OAuth Client ID and OAuth Client Secret are used during the OAuth configuration step in SIEM Tool.
  4. Under Permissions, check Allow Access for the Endpoint Credential Manager API.
  5. If ECM groups are enabled on the site, select which ECM group to use. ECMs that are not associated with a group come under Default.
     This feature is only present if enabled when your site is built. If it is not present, please contact your site administrator.
  6. Click Save at the top of the page to create the account.

 

Add an Outbound Event URL


  1. Go to /login > Management > Outbound Events.
  2. Click Add and name it Integration or something similar.
  3. Enter the URL to use:
    • If using an appliance ID of default: http://<middleware-host>:<port>/PAMPost. The default port is 8180.
    • If using an appliance ID other than default: http://<middleware-host>:<port>/PAMPost?appliance=<appliance-id> where <middleware-host> is the hostname where the BeyondTrust Middleware Engine is installed. The default port is 8180. The <appliance-id> is an arbitrary name, but note the value used, as it is entered later in the plugin configuration. This name accepts only alphanumeric values, periods, and underscores.
  4. For Events to Send, check Access Session End.
  5. Click Save.
  6. Now, the list of outbound events should contain the event just added. The Status column displays a value of OK if communication is working. If communication is not working, the Status column displays an error which you can use to repair communication.
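
The URL rules in step 3 can be checked before the value is typed into /login. The following is an added example, not BeyondTrust code: the function names and the hostname pattern are assumptions, while the /PAMPost path, the appliance query parameter, the default port 8180 and the allowed appliance ID characters come from this page.

```python
import re
from urllib.parse import parse_qs, urlsplit

DEFAULT_PORT = 8180  # default middleware port given on this page
# The page: appliance IDs accept only alphanumerics, periods and underscores.
APPLIANCE_ID_RE = re.compile(r"[A-Za-z0-9._]+")
# Assumption: a conservative DNS-hostname pattern for <middleware-host>.
HOSTNAME_RE = re.compile(
    r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*")


def build_outbound_event_url(middleware_host, appliance_id="default",
                             port=DEFAULT_PORT):
    """Return the Outbound Event URL for one appliance ID (hypothetical helper)."""
    if not HOSTNAME_RE.fullmatch(middleware_host):
        raise ValueError(f"not a plain hostname: {middleware_host!r}")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port!r}")
    if not APPLIANCE_ID_RE.fullmatch(appliance_id):
        raise ValueError(f"appliance ID has disallowed characters: {appliance_id!r}")
    url = f"http://{middleware_host}:{port}/PAMPost"
    # Only a non-default appliance ID is carried in the query string.
    if appliance_id != "default":
        url += f"?appliance={appliance_id}"
    return url


def check_outbound_event_url(url):
    """List the problems in a URL already entered under Outbound Events."""
    problems = []
    parts = urlsplit(url)
    if parts.path != "/PAMPost":
        problems.append("path is not /PAMPost")
    try:
        if parts.port is None:
            problems.append("no explicit port")
    except ValueError:  # .port raises on a non-numeric or out-of-range port
        problems.append("invalid port")
    query = parse_qs(parts.query, keep_blank_values=True)
    for name in sorted(set(query) - {"appliance"}):
        problems.append(f"unexpected query parameter: {name}")
    for value in query.get("appliance", []):
        if not APPLIANCE_ID_RE.fullmatch(value):
            problems.append(f"appliance ID has disallowed characters: {value!r}")
    return problems
```

An empty list from check_outbound_event_url means the URL matches the format in step 3; it does not confirm that the middleware is reachable, which the Status column in step 6 reports.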