Integrating PAM360 with Vulnerability Scanner

ManageEngine PAM360 integrates with Rapid7 InsightVM, a vulnerability management tool that automatically scans and collects data from all endpoints available in a network and identifies the ones that may pose a security risk. The PAM360-InsightVM integration helps you secure and centrally manage the shared credentials that are necessary to run vulnerability scans, right from the PAM360 interface. This document discusses the process of integrating PAM360 with the vulnerability management tools. For now, PAM360 integrates with Rapid7 InsightVM.

At the end of this document, you will have learned the following:

1. How does the Integration Work?
2. Prerequisites for Performing the Integration
3. Integrating PAM360 with the Vulnerability Scanner

1. How does the Integration Work?

PAM360 sources data from InsightVM through their API and using their host name and login credentials. Once the integration is complete, all the services in InsightVM will be populated in PAM360, after which you can associate and manage the InsightVM  credentials from the PAM360 interface.

2. Prerequisites for Performing the Integration

Before commencing the integration, verify if all of the below prerequisites are satisfied:

• PAM360 supports only HTTPS connections. Therefore, a valid SSL certificate is required to securely connect with the InsightVM server. To import the SSL certificate of the host running InsightVM into the PAM360 certificate store, follow the steps outlined in Question 11 under the Certificates module. While importing the SSL certificate, ensure that the SSL certificate includes the Subject Alternative Name (SAN) field.
• To remotely update passwords for InsightVM services after integration, you need to have the remote password reset enabled for resources in PAM360. Click here to learn more about setting up remote password reset in PAM360.

3. Integrating PAM360 with the Vulnerability Scanner

To enable and configure the PAM360 - InsightVM integration, follow the below steps:

1. Navigate to Admin >> Integrations >> Vulnerability Scanner.
2. In the page displayed, you will see the Rapid7 InsightVM block with with any of the below options based on whether you have enabled or disabled the integration:
   • Enable: You will see this option if the integration is disabled. Click this button to enter required details of the InsightVM server and enable integration.
   • Edit: You will see this option if the integration is enabled. Click this button to update the InsightVM URL and login credentials.
   • Configure: You will see this option if the integration is enabled. Click this button to view all the InsightVM services populated in PAM360.
   • Disable: You will see this option if the integration is enabled. Click this button to disable the integration.
3. Click Enable and enter the URL, Username, and Password of the InsightVM server.
4. Now, click Enable to save the details.
   

3.1 Mapping InsightVM Services to PAM360 Resource Types

Once the integration is enabled, click Configure to view all the InsightVM services in PAM360. Follow the below steps to map an InsightVM service to resource types in PAM360:

1. Click the Associate Resource Type option under Actions beside the required InsightVM service.
2. In the pop-up that opens, add resource types from PAM360 that are relevant to the selected service. You can map as many resource types to a service as you need. Click Associate once you are done.
   
   

3.2 Associating an Account to an InsightVM Service

1. Navigate to the Resources tab and click Resource Actions >> Associate >> InsightVM credential beside a resource type that was associated with an InsightVM service.
2. Choose an InsightVM credential from the list of corresponding InsightVM credentials and choose a PAM360 account to be mapped to it.
3. Click Save. The selected PAM360 account will be mapped to the selected InsightVM credential.
   
4. The mapping details of PAM360 accounts with InsightVM services can be reviewed for a particular service, go to Admin >> Integrations >> Vulnerability Scanner, click Configure. Here, click the Associate Account beside the required InsightVM service.