Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

This quick start guide will help Accenture MDR customers configure Sailpoint IdentityIQ to allow log collection from the Log Collection Platform (LCP).

The document includes the following topics:

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found in Accenture MDR Portal.

Port Requirements         

Table 1-1: Port requirements for LCP communication.

Source

Destination

Port

Description

LCP

Database

TCP/1433

Default port and protocol

Configuring Sailpoint IdentityIQ

Device Configuration Steps :

Sailpoint IIQ deployment and installation requires an Application Server in which you can create a Web Application and a new database and modify its schema in a database server instance. Ensure that you have the required authorization credentials before you begin the installation and deployment process.

Pre-Requisites :

IdentityIQ : We support IIQ web Application on any Application server under Sailpoint Application server Supported list. [refer Installation Guide for supported list - attached]

Database : We are currently only supporting Azure SQL Database Logs as this platform was tested and logs are validated from Azure SQL DB.

When using Azure SQL, you must first create a login for the identityiq databases before creating new users.

Create User for Accessing Database :

CREATE USER [identityiq] FOR LOGIN [identityiq] WITH DEFAULT_SCHEMA=[identityiq]
GO
EXEC sp_addrolemember '<read_only_user>', 'identityiq';
GO
GRANT SELECT TO identityiq
GO
CREATE SCHEMA identityiq AUTHORIZATION identityiq
GO

 

Following are the Object and Attribute list that we are currently supporting :

Objects

Table Name

Attributes

AuditEvent

spt_audit_event

id|created|modified|assigned_scope_path|interface|source|action|target|application|account_name|instance|attribute_name|attribute_value|tracking_id|attributes|string1|string2|string3|string4|server_host|client_host|owner|assigned_scope|

SyslogEvent

spt_syslog_event

id|created|quick_key|event_level|classname|line_number|message|thread|server|username|stacktrace|

TaskResult

spt_task_result

id|created|modified|owner|assigned_scope|assigned_scope_path|stack|attributes|launcher|host|launched|progress|percent_complete|type|messages|completed|expiration|verified|name|definition|schedule|pending_signoffs|signoff|report|target_class|target_id|target_name|task_terminated|partitioned|live|completion_status|run_length|run_length_average|run_length_deviation|

Alert

spt_alert

id|created|modified|extended1|attributes|alert_date|native_id|target_id|target_type|target_display_name|last_processed|display_name|name|type|source|

 

Note : Above are the Objects that we are supporting with the same Table Names and Attribute Lists in same sequential order.

LCP Configuration parameters

Table 1-2: The Sailpoint IdentityIQ Event Collector (3983 – DB) properties to be configured by MDR are shown in table.

Property

Default Value

Description

JDBC Drivers Directory

 

 

DatabaseURL

jdbc:jtds:sqlserver://<server>:1433/<databasename>

 

DatabaseUserName

<username>

Read-only database user account name

DatabasePassword

<password>

Password for the database user account name

DB Query Parameters

 

 

 

  • No labels

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.