Configure Idira Identity Security Platform for Arctic Wolf Active Response

With the Active Response service, Arctic Wolf® can perform identity-based response actions in your network using Idira Identity Security Platform (formerly CyberArk Identity Security Platform)®.

Idira Identity Security Platform (formerly CyberArk Identity Security Platform) supports these response actions:
  • Disable/Enable a user

For more information, see Response action descriptions.

Note:

Configure this integration with your primary identity provider in a cloud-based environment. Arctic Wolf does not support hybrid or on-premises environments for identity-based response actions.

These resources are required:

  • A user account with the System Administrator role
  • Contact your CST to validate the Active Response integration. Have an account or environment ready that Arctic Wolf can use to validate the desired response actions without causing interruptions.

Create an Idira service user

  1. In the Identity Administration portal, navigate to Core Services > Users.
  2. Click Add User.
  3. Configure these settings:
    • Login name — Enter a name for the service account name. For example, arctic-wolf-siem-service-user.
    • Email address — Enter a valid email address, and then save it in a safe, encrypted location.

      You will provide this value to Arctic Wolf later.

    • Display name — Enter descriptive name.
  4. In the Password Type section, click Generated.
  5. Copy the password and then save it in a safe, encrypted location.

    You will provide this value to Arctic Wolf later.

  6. In the Status section, select the Is OAuth confidential client checkbox.
  7. Click Create User.

Configure Idira service user permissions for Active Response

  1. On the left navigation menu, navigate to Core Services > Roles.
  2. Click Add Role.
  3. Configure these settings:
    • Name — Enter a name for the role. For example, Arctic Wolf Active Response.
    • Description — (Optional) Enter a description for the role.
    • Role Type — Make sure that Static is selected.
  4. Click Save.
    The role details page opens.
  5. Click the Members tab.
  6. Click Add.
  7. Search for and select the service account that you created in Create an Idira service user.
  8. Click Add.
  9. Click the Administrative Rights tab.
  10. Click Add.
  11. Search for and select the User Management permission.
  12. Click Add.
  13. Click Save.

Provide Idira Identity Security Platform Active Response credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Organization Profile > Integrations.
  3. On the Active Response tab, click New Active Response Integration +.
  4. Click CyberArk Identity.
  5. On the New Active Response Integration page, configure these settings:
    • Integration Name — Enter a unique and descriptive name for the integration.
    • Base URL — Enter the base URL of your Idira (formerly CyberArk) domain. For example, https://<identity-id>.id.cyberark.cloud.
    • Client ID — Enter the service user login value from Create an Idira service user .
    • Client Secret — Enter the service user password from Create an Idira service user.
  6. Click Save Integration.