Centrify
Version: Centrify Server Suite 2015 or higher.
Centrify Server Suite secures the industry’s broadest range of mission-critical servers from identity-related insider risks and outsider attacks, making security and regulatory compliance repeatable and sustainable.
Netsurion Open XDR is an enterprise-class platform that seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine Analytics and so forth.
Netsurion Data Source Integrations for Centrify Server Suite allows you to monitor the following activities:-
- Operations – Syslog messages for different services, account operations (addition, deletion and modification of user and group) and shutdown/restarting of system.
- Security – Suspicious network activities, if there is any changes in privileges on user logon/authentication activities (logon, logoff).
- Compliance – Changes in policy configuration (addition and deletion).
Once Centrify Server Suite is configured to deliver events to Netsurion Open XDR Manager; alerts, dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Centrify Direct Authorize agent stopped | This alert is generated by Centrify Windows Agent when Direct Authorize Agent service stopped. |
| Security | Centrify Dzdo execution denied | This alert is generated by Centrify Linux/Unix agent when dzdo command execution denied. |
| Security | Centrify Dzdo execution granted | This alert is generated by Centrify Linux/Unix agent when dzdo execution granted. |
| Operations | Centrify Adclient agent stopped | This alert is generated by Centrify Linux/Unix agent when Unix agent service stopped. |
| Operations | Centrify Configuration settings reloaded | This alert is generated by Centrify Linux/Unix agent when Configuration settings reloaded. |
| Operations | Centrify Create desktop failure | This alert is generated by Centrify Windows Agent when user failed to create desktop. |
| Compliance | Centrify PAM Authentication failed | This alert is generated by Centrify Linux/Unix agent when PAM authentication is failed. |
| Compliance | Centrify Remote login failed | This alert is generated by Centrify Windows Agent when remote log in failed. |
| Compliance | Centrify Run as role attempt failed | This alert is generated by Centrify Windows Agent when Run as role attempt failed. |
| Compliance | Centrify SSHD denied | This alert is generated by Centrify Linux/Unix agent when Centrify SSHD denied. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Centrify PAM Account management granted | This report provides information related to PAM account management granted Service Name, User Name, Service Status, Reason, ClientIP from fields. |
| Security | Centrify PAM Authentication Failed | This report provides information related to PAM authentication failures Service Name, User Name, Service Status, reason from fields. |
| Security | Centrify PAM Authentication successful | This report provides information related to successful PAM authentications Service Name, User Name, Service Status, reason from fields. |
| Operations | Centrify Adclient agent started | This report provides information related to when adclient agent service has started which include Service Name, User Name, Service Status from fields. |
| Operations | Centrify Adclient agent stopped | This report provides information related to adclient agent stopped which include Service Name, User Name, Service Status from fields. |
| Operations | Centrify Dzdo execution denied | This report provides information related to dzdo (command for Centrify privileged access) command execution denied which include Service Name, User Name, Service Status, reason from fields. |
| Operations | Centrify Dzdo execution granted | This report provides information related to dzdo (command for Centrify privileged access) command execution granted which include Service Name, User Name, Service Status, reason from fields. |
| Compliance | Centrify PAM Session closed | This report provides information related to closed PAM sessions Service Name, User Name, Service Status, TTY, reason from fields. |
| Compliance | Centrify PAM Session opened | This report provides information related to opened PAM sessions Service Name, User Name, Service Status, TTY, Reason from fields. |
| Compliance | Centrify SSHD denied | This report provides information related to Centrify SSHD denied Service Name, User Name, Service Status, Reason from fields. |
| Compliance | Centrify SSHD granted | This report provides information related to Centrify SSHD granted Service Name, User Name, Service Status, Reason from fields. |
Documentation
The configuration details are consistent with Netsurion Open XDR 7.x and later, and Centrify Server Suite.
Download Integration Guide for configuration instructions and more information.