RSA SecurID Access (Cloud Authentication Service) is an access and authentication platform with a hybrid on-premise and cloud-based service architecture. The Cloud Authentication Service helps secure access to SaaS and on-premise web applications for users, with a variety of authentication methods that provide multi-factor identity assurance. The Cloud Authentication Service can also accept authentication requests from a third-party SSO solution or web application that has been configured to use RSA SecurID Access as the identity provider (IdP) for authentication.
For More details:
Cloud Authentication Service Overview
The RSA NetWitness Platform uses the Plugin Framework to connect with the RSA SecurID Access (Cloud Authentication Service) RestFul API to periodically query for Admin activity. This provides visibility into all the administrative activities like: Policy, Cluster, User, Radius Server and various other configuration changes.
Here is a detailed list of all the administrative activity that can monitored via this integration
Administration Log Messages for the Cloud Authentication Service
Downloads and Documentation:
Configuration Guide: RSA SecurID Access Event Source Configuration Guide
(Note: This is Only supported on RSA NetWitness 10.6.6 currently. And it will be in 11.2 (Coming Soon..))
Collector Package on RSA Live: "RSA SecurID"
Parser on RSA Live: "CEF". (device.type=rsasecuridaccess)
3 Comments
