Integrating PAM360 with Vulnerability Scanner
This document discusses the process of integrating PAM360 with the vulnerability management tools. For now, PAM360 integrates with Rapid7 InsightVM. At the end of this document, you will have learned the following:
- Key benefits of integration
- How does the integration work?
- Prerequisites for performing the integration
- Steps to configure the integration
- Steps to map InsightVM services to PAM360 resource types
- Steps to associate an account to an InsightVM service
1. Key Benefits of Integration
ManageEngine PAM360 integrates with Rapid7 InsightVM, a vulnerability management tool that automatically scans and collects data from all endpoints available in a network and identifies the ones that may pose a security risk. The PAM360-InsightVM integration helps you secure and centrally manage the shared credentials that are necessary to run vulnerability scans, right from the PAM360 interface.
2. How Does the Integration Work?
PAM360 sources data from InsightVM through their API and using their host name and login credentials. Once the integration is complete, all the services in InsightVM will be populated in PAM360, after which you can associate and manage the InsightVM credentials from the PAM360 interface.
3. Prerequisites for Performing the Integration
Before commencing the integration, verify if all of the below prerequisites are satisfied:
- PAM360 supports connection via HTTPS only, hence it is mandatory to import a valid SSL certificate in the server. Follow the steps given here to import a certificate in the server.
- To remotely update passwords for InsightVM services after integration, you need to have the remote password reset enabled for resources in PAM360. Click here to learn more about setting up remote password reset in PAM360.
4. Steps to Configure the Integration
To enable and configure the PAM360 - InsightVM integration, follow the below steps:
- Navigate to Admin >> Integrations >> Vulnerability Scanner.
- In the page displayed, you will see the Rapid7 InsightVM block with with any of the below options based on whether you have enabled or disabled the integration:
Sl. No: Button Definition
You will see this option if the integration is disabled. Click this button to enter required details of the InsightVM server and enable integration.
You will see this option if the integration is enabled. Click this button to update the InsightVM URL and login credentials.
You will see this option if the integration is enabled. Click this button to view all the InsightVM services populated in PAM360.
You will see this option if the integration is enabled. Click this button to disable the integration.
- Click Enable and configure the following details:
- URL of the InsightVM server
- User Name
- Click Enable to save the details.
5. Steps to Map InsightVM Services to PAM360 Resource Types
Once the integration is enabled, click Configure to view all the InsightVM services in PAM360. Follow the below steps to map an InsightVM service to resource types in PAM360.
- Click the Associate Resource Type option under Actions beside the required InsightVM service.
- In the pop-up that opens, add resource types from PAM360 that are relevant to the selected service. You can map as many resource types to a service as you need. Click Associate once you are done.
6. Steps to Associate an Account to an InsightVM Service
- Navigate to the Resources tab and click Resource Actions >> Associate InsightVM credential beside a resource type that was associated with an InsightVM service.
- Choose an InsightVM credential from the list of corresponding InsightVM credentials and choose a PAM360 account to be mapped to it.
- Click Save. The selected PAM360 account will be mapped to the selected InsightVM credential.
- The mapping details of PAM360 accounts with InsightVM services can be reviewed for a particular service, go to Admin >> Integrations >> Vulnerability Scanner, click Configure. Here, click the Associate Account beside the required InsightVM service.
Note: Remote password reset from PAM360 is not supported for the following InsightVM services:
- Simple Network Management Protocol v2/v1c
- Simple Network Management Protocol v3
- SSH key
- Lotus Notes/Domino
- Web Site HTTP Authentication
For more information about shared credentials in InsightVM, click here.