
Device Configuration-Thycotic PAM

Overview

This document describes the steps to configure Thycotic PAM to send syslog to the Seceon SIEM server, giving you better visibility of threats in your environment.

Configuration Steps

  1. Log in to your Thycotic SS platform.

  2. Navigate to Administration > Configuration.

  3. Select the General tab and click on the Edit button.

  4. Check the Enable Syslog/CEF Logging check box. Three additional textboxes or lists appear:

    1. Syslog/CEF Server: IP address or name of the server. (Enter the CCE IP address.)

    2. Syslog/CEF Port: Server port for sent events. (Enter 514.)

    3. Syslog/CEF Protocol: Select UDP.

    4. Syslog/CEF Time Zone: UTC Time or Server Time, depending on your preference.

  5. Complete or configure those controls.

  6. Click Save.

 

Verification

On CCE Server

Log in as the seceon user and run the following command:

sudo tcpdump -i any port 514 and host <PAM IP>
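
The capture shows that packets arrive, but not that their payload is well-formed CEF. The parser below is an added example (not Seceon or Thycotic code) that checks a captured payload; the sample line, host name and all field values in it are constructed placeholders.

```python
import re

# Constructed sample of a syslog payload as it could appear in the capture on the
# CCE. Not real Thycotic output: vendor, product and field values are placeholders.
SAMPLE = (r"<134>Jan 01 00:00:00 pam-host CEF:0|ExampleVendor|ExamplePAM|1.0|"
          r"10004|SECRET \| VIEW|2|suser=alice src=192.0.2.10 msg=Viewed a\=b secret")

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)(\w+)=")   # an extension key at start or after a space

def _split_header(body):
    """Split the 7 header fields, honouring backslash-escaped pipes and backslashes."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])    # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < len(HEADER):      # header ended without a trailing pipe
        fields.append("".join(cur))
    return fields, body[i:]

def parse_cef(line):
    """Return (header, extension) dicts, or None when the line is not valid CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    fields, rest = _split_header(line[start + 4:])
    if len(fields) != len(HEADER) or not fields[0].isdigit():
        return None
    ext, keys = {}, list(_KEY.finditer(rest))
    for m, nxt in zip(keys, keys[1:] + [None]):
        # A value runs up to the next " key=" and may itself contain spaces.
        raw = rest[m.end():nxt.start() if nxt else len(rest)].strip()
        ext[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)
    return dict(zip(HEADER, fields)), ext

if __name__ == "__main__":
    header, extension = parse_cef(SAMPLE)
    print(header)
    print(extension)
```

Payload text for the parser can be read from the capture by adding tcpdump's -A option to the command above.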

On UI

  • Log in to the UI and navigate to System > Logs Flow Collection screen.

  • The PAM IP appears in the Source Device IP column.

 

Reference: https://www.netsurion.com/Corporate/media/Corporate/Files/Support-Docs/How-To-Configure-Thycotic-Secret-Server-to-forward-logs-to-EventTracker.pdf

 

Seceon Inc. All rights reserved. https://www.seceon.com