Update README.md #1402

Merged
26 changes: 26 additions & 0 deletions stix_shifter_modules/secretserver/README.md
Expand Up @@ -2,6 +2,26 @@

REST Web Service APIs: https://www.ibm.com/support/pages/node/1136272

Prerequisite :

Create custom report on IBM Privilege Vault Secret Server/ Delinea Secret Server by using following steps:
- Login to IBM Privilege Vault Secret Server/ Delinea Secret Server.
- Click on Report tab.
- Fill the details as below and click the save button.


| | |
|-------------|-------------|
| Report Name | Secret Server Events Logs |
| Report Description | Secret Server Events Logs |
| Report Category | Activity |
| Chart Type | None |
| Page Size | 15 |
| Report SQL | SELECT a.EventDetails AS [EventDetails],a.EventNote,a.EventTime,a.ItemId,a.UserId,u.UserName as Name, u.EmailAddress as Unique_Identtification,a.EventSubject, s.secretname As [SecretName], a.ipaddress AS [IpAddress] FROM tbEventAudit a WITH (NOLOCK) INNER JOIN tbuser u WITH (NOLOCK) ON u.userid = a.userid INNER JOIN tbsecret s WITH (NOLOCK) ON s.secretid = a.ItemId WHERE a.EventTime >= #StartDate AND a.EventTime <= #EndDate ORDER BY a.EventTime DESC

- New custom report will get listed in General section of Reports tab.


### Format for making STIX translation calls via the CLI

`python3 main.py <translator_module> <query or result> <STIX identity object> <data>`
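
Review bot: In the Report SQL row, the alias in `u.EmailAddress as Unique_Identtification` is misspelled. If the connector's result mapping reads this column by name, the spelling here and in the mapping must agree, so either correct it in both places or state in the README that the name is intentional. The query is also one long table cell, which is hard to copy without picking up table formatting; a code block under the table would be safer. Note as well that `INNER JOIN tbsecret s ... ON s.secretid = a.ItemId` returns only audit rows whose ItemId matches a row in tbsecret, so the README should say that the report covers only events tied to an existing secret. The table's empty header row could carry labels such as Field and Value.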
Expand Down Expand Up @@ -99,3 +119,9 @@ python3 main.py execute secretserver secretserver '{"type": "identity", "id": "i
}

```
These are examples of supported queries for secret server conncetor:

1. "[x-ibm-finding:event_name LIKE '%'] START t'2022-09-14T11:27:00.000Z' STOP t'2022-09-16T11:32:00.000Z'"
2. "[x-ibm-finding:time_observed LIKE '%'] START t'2022-09-14T11:27:00.000Z' STOP t'2022-09-16T11:32:00.000Z'"
3. “[x-secret:secret_name LIKE '%'] START t'2022-09-14T11:27:00.000Z' STOP t'2022-09-16T11:32:00.000Z'"
4. “[ipv4-addr:value LIKE '%'] START t'2022-09-14T11:27:00.000Z' STOP t'2022-09-16T11:32:00.000Z'"
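
Review bot: Examples 3 and 4 open with a typographic quote (`“`) but close with a straight `"`, so pasting them into the CLI call will not produce a properly quoted argument; use straight double quotes as in examples 1 and 2. In the introductory line, `conncetor` should be `connector`, and a blank line between the closing code fence and that sentence would keep them visually separate. Since every example uses `LIKE '%'`, a sentence saying that these patterns match all events in the START/STOP window would tell readers what result to expect.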