ArcSight Enterprise Security Manager (ESM)

Enterprise Random Password Manager™ (ERPM) has achieved Common Event Format (CEF) certification for the Security Information and Event Management (SIEM) platform from ArcSight®, Inc. Lieberman Software's ArcSight certified CEF compliant solutions provide enterprises with enhanced application layer monitoring, visibility and management of privileged accounts.

In 7 clicks or less, Lieberman Software's CEF Connector allows ArcSight Enterprise Security Manager (ESM) to connect to, aggregate, filter, correlate, and analyze events from ERPM and RPM, which output their event logs in the CEF standard utilizing the syslog transport protocol. 

Monitoring Privileged Account Activity with ArcSight SIEM

 
With this integration, customers can monitor and react to the operation of Lieberman Software's privileged identity management systems from within ArcSight ESM. Existing ArcSight customers will be able to pass their security audits by allowing Lieberman Software solutions to maintain proper synchronization and control over the privileged accounts used within the ArcSight product.

ERPM secures and manages privileged account passwords in the multiplatform enterprise. It utilizes an event generation and forwarding model, which supports a flexible event forwarding configuration, with various filters and connectors available. See the Lieberman Software ArcSight Certified Configuration Guide for information on configuring ERPM and RPM for syslog event collection. This connector is supported on Windows platforms. 


A partial list of the ERPM events that can be passed along for central collection, reporting and viewing from within the ArcSight ESM application is below.
  


 

Console Operations: 
EVENT_ID_PASSWORD_RECOVERY_MAIL_ALERT   
EVENT_ID_JOB_FAILED_TO_LOCK  
EVENT_ID_JOB_RESET_FOR_RUN  
EVENT_ID_JOB_CONTINUE_PARTIAL_RUN  
EVENT_ID_JOB_CANCELING_RUN  
EVENT_ID_JOB_STARTING_TRUST_UPDATE  
EVENT_ID_JOB_TRUST_UPDATE_OPERATION  
EVENT_ID_JOB_STARTING_DYNAMIC_GROUP_UPDATE  
EVENT_ID_JOB_DYNAMIC_GROUP_UPDATE_OPERATION  
EVENT_ID_JOB_STARTING_ADMIN_ACTIVITY_REPORT  
EVENT_ID_JOB_ADMIN_ACTIVITY_REPORT_OPERATION  
EVENT_ID_JOB_PASSWORD_STATUS_REPORT_OPERATION  
EVENT_ID_SYSTEM_RESTRICTED  
EVENT_ID_JOB_LAUNCHING_THREADS  
EVENT_ID_JOB_COULD_NOT_CONNECT_TO_SYSTEM  
EVENT_ID_CONSOLE_STARTED  
EVENT_ID_JOB_COMPLIANCE_DATABASE_SNAPSHOT  
EVENT_ID_JOB_MISSED_RUN_RESCHEDULED  
EVENT_ID_JOB_MISSED_RUN_FINISHED  

Password Operations:   
EVENT_ID_PASSWORD_ACCESS_GRANTED   
EVENT_ID_PASSWORD_ACCESS_REFUSED    
EVENT_ID_PASSWORD_CHECKED_OUT    
EVENT_ID_PASSWORD_CHECKED_IN    
EVENT_ID_PASSWORD_CHECKOUT_EXPIRED   
EVENT_ID_PASSWORD_RETRIEVED  
EVENT_ID_PASSWORD_REQUESTED  
EVENT_ID_PASSWORD_REQUEST_GRANTED  
EVENT_ID_PASSWORD_REQUEST_DENIED  
EVENT_ID_PASSWORD_RECOVERED_FOR_RDP  
EVENT_ID_JOB_GENERATED_RANDOM_PASSWORD  
EVENT_ID_JOB_STARTING_PASSWORD_STATUS_REPORT  
EVENT_ID_JOB_FAILED_PASSWORD_STATUS_CHECK_FOR_ACCOUNT  
EVENT_ID_JOB_STARTING_PASSWORD_CHANGE_ON_SYSTEM  
EVENT_ID_JOB_FAILED_LINUX_PASSWORD_UPDATE  
EVENT_ID_JOB_SUCCESS_LINUX_PASSWORD_UPDATE  
EVENT_ID_JOB_FAILED_CISCO_PASSWORD_UPDATE  
EVENT_ID_JOB_SUCCESS_CISCO_PASSWORD_UPDATE  
EVENT_ID_JOB_FAILED_MYSQL_PASSWORD_UPDATE  
EVENT_ID_JOB_SUCCESS_MYSQL_PASSWORD_UPDATE  
EVENT_ID_JOB_FAILED_ORACLE_PASSWORD_UPDATE  
EVENT_ID_JOB_SUCCESS_ORACLE_PASSWORD_UPDATE  
EVENT_ID_JOB_FAILED_WINDOWS_PASSWORD_UPDATE  
EVENT_ID_JOB_SUCCESS_WINDOWS_PASSWORD_UPDATE  
EVENT_ID_JOB_FAILED_SQL_PASSWORD_UPDATE  
EVENT_ID_JOB_SUCCESS_SQL_PASSWORD_UPDATE  
EVENT_ID_JOB_FAILED_AS400_PASSWORD_UPDATE  
EVENT_ID_JOB_SUCCESS_AS400_PASSWORD_UPDATE  
EVENT_ID_JOB_PROPAGATING_TO_SERVICES  
EVENT_ID_JOB_PROPAGATING_TO_TASKS  
EVENT_ID_JOB_PROPAGATING_TO_COMPLUS  
EVENT_ID_JOB_PROPAGATING_TO_DCOM  
EVENT_ID_JOB_PROPAGATING_TO_IIS  
EVENT_ID_JOB_PROPAGATING_TO_CUSTOM  
EVENT_ID_JOB_PROPAGATING  
EVENT_ID_PASSWORD_VAULT_OPENED  
EVENT_ID_JOB_FAILED_CUSTOM_ACCOUNT_STORE_PASSWORD_UPDATE  
EVENT_ID_JOB_SUCCESS_CUSTOM_ACCOUNT_STORE_PASSWORD_UPDATE  
EVENT_ID_JOB_STARTING_ACCOUNT_ELEVATION_JOB  
EVENT_ID_JOB_FAILED_LDAP_PASSWORD_UPDATE  
EVENT_ID_JOB_SUCCESS_LDAP_PASSWORD_UPDATE  
EVENT_ID_JOB_FAILED_SYBASE_PASSWORD_UPDATE  
EVENT_ID_JOB_SUCCESS_SYBASE_PASSWORD_UPDATE  
EVENT_ID_PASSWORD_RECOVERED_BY_GRANT  
EVENT_ID_PASSWORD_RECOVERED_FOR_TERMINAL_SERVICES  
EVENT_ID_PASSWORD_RECOVERED_BY_CLIENT_AGENT  
EVENT_ID_JOB_FAILED_OS390_PASSWORD_UPDATE  
EVENT_ID_JOB_SUCCESS_OS390_PASSWORD_UPDATE  
EVENT_ID_JOB_DISCOVERY  

Web Application Operations/Errors: 
EVENT_ID_WEBAPP_FAILED_PERMISSIONS_CHECK  
EVENT_ID_WEBAPP_INVALID_AUTH_TOKEN  
EVENT_ID_WEBAPP_PERMISSION_NOT_GRANTED  
EVENT_ID_WEBAPP_DATABASE_CONNECTION_FAILURE  

File Vault Operations: 
EVENT_ID_FILE_RETREIVAL_REFUSED  

Scheduler Service Operations:  
EVENT_ID_SCHEDULER_STARTED  
EVENT_ID_SCHEDULER_PROCESSOR_DISPATCH  
EVENT_ID_SCHEDULER_PROCESSOR_FINISHED  
EVENT_ID_SCHEDULER_FAILED_TO_RUN_JOB  
EVENT_ID_SCHEDULER_FAILED_LICENSING_ERROR  
EVENT_ID_SCHEDULER_JOB_COMPLETE_ALERTS  
EVENT_ID_SCHEDULER_JOB_COMPLETE_ALERTS_FAILED  
EVENT_ID_SCHEDULER_STOPPED