Integrations for Privilege Management for Windows & Mac

Requests to Run or Install Apps Go Directly to ServiceNow

The ServiceNow integration enables the submission of a ticket to the IT team, so that they can make an informed and expedited decision on the user’s request to run an application, installation, script, or task.

In the default configuration, when a user runs an application that you are targeting with the ServiceNow Rule Script, the user is presented with the option to raise an incident in ServiceNow or cancel the request. The ServiceNow ticket includes the caller, a short description, and a complete description that includes the program name, program publisher, program path, challenge code, and the business justification the end user provided.

Administrators can then take action on the incident in ServiceNow and supply the end user with a response code. The end user can then use the response code to 'unlock' the application, allowing it to run.

Collect Privilege Management Events in Splunk Enterprise

Splunk Enterprise can be used to capture and report on events from Privilege Management. You can collect BeyondTrust events in two different ways:

  • From your endpoints or from your Windows Event Collector node using the Splunk Universal Forwarder. This approach is useful if you are collecting Windows event log events from multiple sources including Privilege Management.
  • From the Privilege Management Reporting database, by importing events with Splunk DB Connect. With this approach you do not need to deploy further agents to your endpoints.