BeyondTrust Password Safe
  • 26 Aug 2024
  • 3 Minutes to read
  • Dark
    Light
  • PDF

BeyondTrust Password Safe

  • Dark
    Light
  • PDF

Article summary

BeyondTrust Password Safe provides discovery, management, auditing, and monitoring for any privileged credential.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users

Parameters

  1. Host Name or IP Address (required) - The hostname or IP address of the BeyondTrust Password Safe server.

  2. User Name (required) and Password (optional) - The credentials for a user account that has the Required Permissions to fetch assets.

  3. API Token (required) - An API Token associated with a user account that has permissions to fetch assets.

  4. Verify SSL - Select whether to verify the SSL certificate offered by the value supplied in Host Name or IP Address. For more details, see SSL Trust & CA Settings.

  5. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Host Name or IP Address.

  6. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  7. HTTPS Proxy Password (optional) - The password to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

BeyondTrustPasswordSafe.png


Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Get auto managed information for accounts - Select this option to fetch the field 'Auto Managed'.
  2. Do not fetch devices without an Asset ID - By default Axonius fetches all Managed Devices. Select this option to not fetch Managed Devices with an empty Asset ID.
  3. Fetch platforms - Select this option to fetch device platforms.
Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

APIs

Axonius uses the BeyondInsight and Password Safe API.

To create an API key policy API registration

  1. Create an API key policy API registration.
    1. Log in to BeyondInsight BeyondTrust.
    2. Navigate to Configuration> General> API Registrations.
    3. In the API Registrations pane, click Create API Registration.
    4. From the dropdown list, select API Key Policy. The Details pane is displayed.
    5. In Name, type axonius.
    6. Click Add Authentication Rule.
    7. In the Create New Authentication Rule pane that opens, select IP Rule, and under Type, select the type of IP rule - Single IP Address, IP range, or CIDR per line, and provide a valid source IP Address (IPv4 or IPv6), IP Range, or CIDR from which requests can be sent for this API key. Click Create Rule.
    8. Click Create Registration. BeyondInsight generates a unique identifier (API key) in the Key field. Note this key value.

BeyondTrustSetup1

  1. Create an 'axonius' group.
    1. Navigate to Configuration> Role Based Access> User Management.
    2. From the Groups tab, click + Create New Group.
    3. Select Create a New Group.
    4. In Group Name, type axonius, and then click Create Group.


Required Permissions

The following permissions are required to fetch devices:
Permissions AssetManagement.Read
or

ScanManagement.ReadWrite



You can connect to this adapter according to the following procedure:

  1. Create an API Key Policy.
    1. Add an IP Rule.
  2. Create a group called “axonius”.
    1. Add the API registration from above (API Key Policy).
    2. Add Smart Groups.
  3. All Assets in Password Safe -> Read Only -> Add “Information security administrator” Password Safe Role.
  4. All Managed Systems -> Read Only
    1. Add Features.
  5. Asset Management
  6. Users Accounts Management
  7. Create a user called “axonius”.
    1. Add the user to the “axonius” group.


Version Matrix

This adapter has only been tested with the versions marked as supported, but may work with other versions. Contact Axonius Support if you have a version that is not listed, and it is not functioning as expected.

VersionSupportedNotes
BeyondInsight and Password Safe API 21.1Yes



Was this article helpful?