Articles in this section

See more

Exabeam Cloud Connector for Ping Overview

Avatar
Nadav Lavy
  • Updated
Follow

If you're having trouble at any stage please contact us at support@skyformation.com

Preface

Ping is a multi-factor authentication solution which provides multi-factor authentication for cloud-based applications, on-premises applications, VPNs Windows Servers and RDP, and Secure Shell.

For more information about Ping products, please visit:
https://www.pingidentity.com/en.html

The main challenges and needs are to:
  • Get all audit events and alerts from Ping clod services into your SIEM/Log management system.
  • The granular alerts and events should be available at the organization’s central log or event management system for compliance, investigation or forensic needs.

What is it

Exabeam Cloud Connector for Ping is part of the Exabeam Cloud Connectors module:
https://www.exabeam.com/product/exabeam-cloud-connectors/

It continuously retrieves events and alerts from the different sources/APIs in the Ping cloud services and sends the events in a unified format to your Exabeam Advance Analytics (https://www.exabeam.com/product/exabeam-advanced-analytics/), Exabeam Data Lake (https://www.exabeam.com/product/exabeam-data-lake/) or your existing SIEM/Log management system. 

How it works

Exabeam Cloud Connector for Ping retrieves the events from the Ping service through its APIs and send them to your SIEM/Log system of choice over syslog encoded in CEF/Json. 

Connector's API/Audit Sources & Events Supported

Audit Source (API) Service/Module & Events 
Administrator login  Provides admin login success and login failed events
Administrator activity
    1. Provides admin events such as: admin created, deleted, invitation mail sent and property updated. 
    2. Provides application events such as: app created, deleted, updated, added to group, removed from group, etc. 
    3. Provides group events such as group created \ deleted. 
    4. Provides updates in the authentication policy
Ping id administrative activity

Provides events such as: updates in general settings updated, changes in authentication properties and account updates.
Directory

Provides user updates events such as (delete, create, password changed, etc) and password policy updates.
Provisioning Provides group updates events and user updates events.
SSO

Provides SSO events such as init connection with sso, successful connection and failure of connection.
Ping Id

Provides device events such as device paired \ unpaired, device wipe success / time out.

 

How to on-board Ping Connector to SkyFormation app

Adding Exabeam Cloud Connector for Ping connector

Related articles

Comments

0 comments

Please sign in to leave a comment.