Scenario: Integrate an Active Directory with Vision One via Service Gateway on AWS
Prerequisites
- Playground One Network with PGO Active Directory (recommended) and/or Managed Active Directory enabled
Verify that you have AWS AD - create PGO Active Directory and/or AWS MAD - create Managed Active Directory enabled in your configuration:
...
AWS MAD - create Managed Active Directory [true]:
# and/or
AWS AD - create PGO Active Directory [true]:
...
Log in to Domain Controller
After the network has been set up, the Service Gateway has been deployed, and Active Directory has stabilized (allow about 10 minutes), you must authenticate to the domain controller via RDP at least once. Don't ask why.
Use the public IP of the domain controller, ad_dc_ip, and the username Administrator@<your environment name>.local. A domain controller that accepts RDP from the Internet is acceptable only in a disposable lab like this one.
Connect an Active Directory
In Vision One head over to Workflow and Automation -> Service Gateway Management again. There should now be a Service Gateway listed. Select it, click Manage Services in the center pane, and download the On-premise directory connection service to the gateway.
Since Playground One can create two different Active Directories, depending on what you enabled in your configuration, continue with whichever of the following sections applies (or both).
Connect the PGO Active Directory
From within your console/shell run the following command (or find the values in the output from the previous step):
...
ad_ca_ip = "54.93.162.135"
ad_dc_ip = "3.71.102.69"
ad_dc_pip = "10.0.4.57"
...
ad_admin_password = TrendMicro.1
The interesting values now are ad_dc_pip and ad_admin_password.
Lastly, in the Connection Settings choose the following parameters:
- Server Type: Microsoft Active Directory
- Server address: the private IP of the domain controller, ad_dc_pip (the Service Gateway connects inside the VPC, so do not use the public ad_dc_ip here)
- Encryption: SSL
- Port: 636
- Base Distinguished Name: Specific, value: DC=<your environment name>,DC=local
- Permission scope: Read & write
- User Name: Administrator@<your environment name>.local
- Password: ad_admin_password
Example with environment name pgo-id: the Base Distinguished Name is DC=pgo-id,DC=local and the User Name is Administrator@pgo-id.local.
This should connect the Active Directory to Vision One via the Service Gateway.
Connect does not work
If connecting to the Active Directory via the Third-Party Integration still does not work, reboot the Domain Controller once and retry.
Install Security Event Forwarding
Using the PGO Active Directory allows you to use Security Event Forwarding. For this functionality you need to download the current installation package on the Domain Controller and walk through the installation procedure.
Let's start from the beginning:
First, head over to Workflow and Automation -> Service Gateway Management and obtain your API Key (top right; it is the same for all connected Service Gateways) and the private IP of your Service Gateway, here 10.0.4.40.
Next, in Workflow and Automation -> Service Gateway Management -> Active Directory (on-premise) open the tab Security Event Forwarding and click the button [Download Installation Package] to copy the link.
Connect to the Domain Controller via RDP and download the agent with the browser by pasting the link from above.
Run the downloaded executable and install it.
Follow the wizard and fill in the IP and API Key of your Service Gateway.
Heading back to the Active Directory integration in Vision One, the agent should be listed after a short period of time.
Connect the Managed Active Directory
From within your console/shell run the following command (or find the values in the output from the previous step):
...
mad_id = "d-99677cba24"
mad_ips = toset([
"10.0.0.37",
"10.0.1.229",
])
...
key_name = "pgo-key-pair-oaxuizlr"
mad_admin_password = <sensitive>
...
mad_admin_password = XrJ*5VPDZGmhhL70
The interesting values now are mad_ips and mad_admin_password.
Lastly, in the Connection Settings choose the following parameters:
- Server address: one of the private IPs out of mad_ips
- Encryption: NONE (the MAD built by Playground One does not have a certificate yet; the bind password therefore travels in cleartext LDAP inside the VPC, which is acceptable for this lab but not for a production directory)
- Port: 389
- Permission scope: Read & write
- User Name: admin
- Password: mad_admin_password
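To turn the Terraform-style outputs into the Connection Settings of the two sections above (PGO Active Directory with SSL on 636, Managed Active Directory with NONE on 389) and to sanity-check the target port before clicking through the Vision One dialog, here is an added Python example; it is not part of Playground One or Vision One. It parses the output lines shown on this page, derives both settings sets (including the Base DN from the environment name), flags the cleartext-LDAP case, and runs a TCP/TLS pre-flight against the chosen address. The sample output blob is constructed from the values shown on this page; the Server Type and empty Base DN for the Managed AD entry, the helper names, and the certificate-fingerprint check are assumptions of this example.

```python
import hashlib
import re
import socket
import ssl
from dataclasses import asdict, dataclass, field

# Constructed sample: Terraform-style output lines as shown on this page, in one blob.
SAMPLE_OUTPUT = """
ad_dc_ip = "3.71.102.69"
ad_dc_pip = "10.0.4.57"
ad_admin_password = TrendMicro.1
mad_ips = toset([
  "10.0.0.37",
  "10.0.1.229",
])
mad_admin_password = <sensitive>
mad_admin_password = XrJ*5VPDZGmhhL70
"""

_SCALAR = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n]*?)"?\s*$')
_LIST_START = re.compile(r'^\s*(\w+)\s*=\s*toset\(\[\s*$')


def parse_outputs(text):
    """Parse 'name = value' lines and 'name = toset([...])' blocks into a dict.
    Quotes are stripped; '<sensitive>' is skipped so a later revealed value wins."""
    outputs, lines, i = {}, text.splitlines(), 0
    while i < len(lines):
        m = _LIST_START.match(lines[i])
        if m:
            items, i = [], i + 1
            while i < len(lines) and not lines[i].strip().startswith("])"):
                items.append(lines[i].strip().rstrip(",").strip('"'))
                i += 1
            outputs[m.group(1)] = items
        else:
            m = _SCALAR.match(lines[i])
            if m and m.group(2) != "<sensitive>":
                outputs[m.group(1)] = m.group(2)
        i += 1
    return outputs


@dataclass
class ConnectionSettings:
    server_type: str
    server_address: str
    encryption: str
    port: int
    base_dn: str
    permission_scope: str
    user_name: str
    password: str
    warnings: list = field(default_factory=list)


def base_dn_for(env_name):
    """'pgo-id' -> 'DC=pgo-id,DC=local' (one DC= component per label of <env>.local)."""
    return ",".join(f"DC={label}" for label in f"{env_name}.local".split("."))


def pgo_ad_settings(outputs, env_name):
    """Settings for the PGO Active Directory: LDAPS on 636 via the DC's private IP
    (the gateway connects inside the VPC, so ad_dc_pip, not the public ad_dc_ip)."""
    return ConnectionSettings("Microsoft Active Directory", outputs["ad_dc_pip"], "SSL", 636,
                              base_dn_for(env_name), "Read & write",
                              f"Administrator@{env_name}.local", outputs["ad_admin_password"])


def mad_settings(outputs):
    """Settings for the Managed AD: cleartext LDAP on 389 (no certificate yet).
    Server type and empty Base DN are assumptions; the page lists neither here."""
    s = ConnectionSettings("Microsoft Active Directory", outputs["mad_ips"][0], "NONE", 389,
                           "", "Read & write", "admin", outputs["mad_admin_password"])
    s.warnings.append("Encryption NONE: the simple bind sends the admin password in cleartext "
                      "LDAP on 389; acceptable in this lab VPC only, never in production.")
    return s


def preflight(host, port, use_tls, timeout=3.0):
    """TCP (plus TLS handshake for LDAPS) reachability check, run from inside the VPC.
    Verification is disabled because the lab CA is not trusted by the caller; the
    presented certificate's SHA-256 fingerprint is returned for manual comparison."""
    result = {"host": host, "port": port, "reachable": False, "cert_sha256": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["reachable"] = True
            if use_tls:
                ctx = ssl.create_default_context()
                ctx.check_hostname = False
                ctx.verify_mode = ssl.CERT_NONE
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    result["cert_sha256"] = hashlib.sha256(tls.getpeercert(True)).hexdigest()
    except OSError as exc:  # socket.timeout and ssl.SSLError are both OSError subclasses
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    outs = parse_outputs(SAMPLE_OUTPUT)
    for s in (pgo_ad_settings(outs, "pgo-id"), mad_settings(outs)):
        print(asdict(s))
        print(preflight(s.server_address, s.port, s.encryption == "SSL"))
```

Run the pre-flight from a host inside the VPC (the Service Gateway or the domain controller itself); the private addresses are not reachable from your workstation, so a failure from outside tells you nothing. A reachable 636 that presents a certificate, but a gateway that still fails to bind, points back at the "Connect does not work" step above rather than at the network.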
This should connect the Active Directory to Vision One via the Service Gateway.
🎉 Success 🎉