hydden.docs

# This article provides detailed steps to set up a BeyondTrust data source for discovery of BeyondTrust User accounts and groups within the organization.

With the BeyondTrust integration all credentials needed for the discovery process of any data collection can safely be stored in a vault outside of Hydden and utilized when needed only.

Prerequisites

A BeyondTrust instance configured with an active Password Safe environment. A user account with API access must be configured for use with the Hydden data source access. Hydden can work with BeyondTrust SMEs to ensure a least privilege model is followed for access.

Adding the BeyondTrust Module to a Client

The BeyondTrust module needs to be added to a configured Client in Hydden to collect data.

  1. Navigate to __Configuration Discover__, select the Clients tab.
  2. Locate your client for the BeyondTrust collection, click the Edit button.
  3. In the Modules field, add the Vault module.
  4. Click Update.

Configure Your Hydden BeyondTrust Data Source

  1. Login to your Hydden tenant.
  2. To access the data sources page, navigate to __Configuration Discover__ and select Data Sources or use the data source URL: https://portal.hydden.com/configuration/data-sources.
  3. To add the BeyondTrust data source, click + Add Data Source.
  4. From the configuration wizard, under Vault, select the BeyondTrust logo tile.
  5. For Name enter an easy-to-identify name for the data source.
  6. You may ignore the optional Preset field. When pre-configured data source presets are available for selection from the drop-down, but they can also be added manually via the +.
  7. If you already created your credential, select that credential from the Credential drop-down. If you have not yet created a credential, click the +.
    1. On the Add Credential modal the first field defaults to BeyondTrust.
    2. In the Name field, enter a name for your credential.
    3. In the Username field, enter the username of the account configured for accessing the BeyondTrust Password Safe, refer to the listed prerequisites.
    4. In the API Key field, enter the api key for the access account.
    5. In the Instance URL field, provide the BeyondTrust Password Safe url.
    6. Click Add.
  8. You may ignore the optional Schedule field. To specify a Schedule either select from the list of pre-configured collection schedules or manually enter a new schedule via +.
  9. Under Site specify the site that your client is installed, it can also be “default” if there is only one client for your organization.
  10. Click Add to save the data source. You have an option to manually run the data collection via the Run Now button.

[!note] If custom mapping rules are required, refer to the Advanced Configuration section in the Data Source Overview topic.

At this point, you can run a collection from the Data Sources page and shortly after, you will see your BeyondTrust accounts listed on the Identity Posture dashboard, in Global Search and the Search Library.