You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md
+15Lines changed: 15 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,12 +28,26 @@ Privileged users typically include accounts with elevated access rights that all
28
28
29
29
You can define privileged users in the following ways:
30
30
31
+
* {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview`[Add a supported integration](#add-integration) with your organization’s user identities. If your environment is already ingesting data from a supported integration, the setup steps are skipped—you're taken directly to the Privileged user monitoring dashboard, where you can start [monitoring user activity](/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md).
31
32
*[Select an existing index](#privmon-index) or create a new custom index with privileged user data.
32
33
*[Bulk-upload](#privmon-upload) a list of privileged users using a CSV or TXT file.
33
34
* Use the Entity analytics APIs to [mark individual users as privileged]({{kib-apis}}/operation/operation-createprivmonuser) or [bulk-upload multiple privileged users]({{kib-apis}}/operation/operation-privmonbulkuploaduserscsv).
34
35
35
36
To get started, find the **Privileged user monitoring** page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
36
37
38
+
### Add a supported integration [add-integration]
39
+
```yaml {applies_to}
40
+
stack: preview 9.2
41
+
serverless: preview
42
+
```
43
+
44
+
1. On the **Privileged user monitoring** page, select an integration. The supported integrations are:
45
+
* [Active Directory Entity Analytics](integration-docs://reference/entityanalytics_ad.md). Users in the following security groups will be automatically assigned as privileged users:
46
+
* Domain Admins
47
+
* Enterprise Admins
48
+
* [Okta Entity Analytics](integration-docs://reference/entityanalytics_okta.md). Refer to [Standard administrator roles and permissions](https://help.okta.com/en-us/content/topics/security/administrators-admin-comparison.htm) for a list of Okta roles that will be automatically assigned as privileged users.
49
+
2. Follow the steps to install the integration.
50
+
37
51
### Select or create an index [privmon-index]
38
52
39
53
1. On the **Privileged user monitoring** page, click **Index**.
@@ -78,6 +92,7 @@ You can use multiple data source types, such as an index and a CSV file, at the
78
92
79
93
On this page, you can:
80
94
95
+
* {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Change which integrations you're using as data sources.
81
96
* View, remove, and change indices after initially defining them.
82
97
* Import a new supported file with a list of privileged users.
0 commit comments