Morgan Holm

Cygna Identity Feature

Organizations are moving some of their workloads to the cloud and embracing SaaS solutions like never before. However, most organizations will still have key workloads on-prem for some time due to cost, effort, or regulatory and residency issues. As a result, organizations have a multitude of systems and applications that do not share a single identity store. Since some of these systems are required to be separated for regulatory or geopolitical reasons, a single admin or user may have numerous separate user accounts to manage or use these systems.

The 2.0 release of Cygna Auditor introduces a new feature called Cygna Identity to unify these accounts from an audit perspective. This feature provides the ability to group multiple user accounts from hybrid and multi-cloud systems into a single searchable identity. The Cygna Identity feature enables organizations to quickly see an individual’s activities across multiple accounts or to create groups of accounts that span identity stores.

Configure Cygna Identity

The Cygna Identity feature is configured through a tile on the Tools screen.

Cygna Identity Tile

Once opened, selecting the plus icon allows you to manually create a Cygna Identity and map the desired accounts to it.

  • Display Name – Name used in the identity field to perform searches.
  • Description – Additional information to describe the Cygna Identity.
  • Search users – Interactive search field to find accounts to map to the identity being created.

Once the identity is saved, individual mapped accounts can be toggled on or off, or deleted to remove their association with the identity.

Identity Mapping

Identity Search

The Identity name filter allows for quick searches and reports based on the defined identities. When the filter is applied, it returns all the audit activities of the user accounts enabled for the specified identity, greatly simplifying and speeding up the search and reporting process.

You can also customize the grid view and add the Identity name column to the view.

Identity Column Selection

Schedule Identity Search

An identity search analyzes user accounts with audit activity from connected AD and AAD sources to automatically create identity mappings. The job looks for user accounts with similar UPNs. Depending on the configuration, UPNs may not be similar across AAD and AD even when AD Connect is used for account synchronization, so the job also uses a second method: matching SIDs.

Schedule Identity Mapping

This task can be run one time or on a flexible recurring schedule.
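The matching described above, sketched as an added example (not Cygna Auditor's code): accounts are linked when their SIDs match or when their UPNs are similar. The similarity rule (same local part before the @, case-insensitive), the field and function names, and the sample accounts are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample accounts (not real data). For AAD entries, "sid" stands for
# the on-premises SID synced from AD; cloud-only accounts have none.
SID = "S-1-5-21-1111111111-2222222222-3333333333-"
ACCOUNTS = [
    {"source": "AD",  "upn": "jdoe@corp.example.com",        "sid": SID + "1105"},
    {"source": "AAD", "upn": "jane.doe@example.com",         "sid": SID + "1105"},
    {"source": "AD",  "upn": "adm-jdoe@corp.example.com",    "sid": SID + "2210"},
    {"source": "AAD", "upn": "jdoe@example.onmicrosoft.com", "sid": None},
    {"source": "AD",  "upn": "bsmith@corp.example.com",      "sid": SID + "1187"},
    {"source": "AAD", "upn": "bsmith@example.com",           "sid": None},
]

def label(acct):
    return f'{acct["source"]}:{acct["upn"]}'

def map_identities(accounts):
    """Group accounts that share a SID or a UPN local part (assumed rule)."""
    parent = list(range(len(accounts)))

    def find(i):  # union-find root lookup with path compression
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    first_seen, links = {}, []
    for i, acct in enumerate(accounts):
        keys = [("upn", acct["upn"].split("@", 1)[0].lower())]
        if acct.get("sid"):
            keys.append(("sid", acct["sid"].upper()))
        for key in keys:
            if key in first_seen:
                j = first_seen[key]
                parent[find(i)] = find(j)
                # Record which rule linked the pair so it can be reviewed.
                links.append((label(accounts[j]), label(accounts[i]), key[0]))
            else:
                first_seen[key] = i

    groups = defaultdict(list)
    for i, acct in enumerate(accounts):
        groups[find(i)].append(label(acct))
    return sorted(sorted(g) for g in groups.values()), links

if __name__ == "__main__":
    identities, links = map_identities(ACCOUNTS)
    print(identities, links, sep="\n")
```

UPN-only links are weaker evidence than SID matches, since two different people can share a local part across domains, so the returned `links` list lets them be reviewed separately. The `adm-jdoe` account stays unmapped under this rule, which is the kind of case the manual mapping screen covers.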

Morgan Holm

Cygna Labs Adds SIEM Event Forwarding and Identity Grouping Features to Cygna Auditor Version 2.0

 

Cygna Labs releases a new version of Cygna Auditor (v 2.0.380) that implements event forwarding to SIEM systems as well as an account mapping feature that groups an individual’s user accounts from multiple on-prem and cloud systems into a searchable identity.

SIEM Forwarding

Organizations increasingly need to understand what is happening in their on-prem and cloud environments in order to detect insider threats, breaches, and cyber-attacks. Auditing and alerting on suspicious activities are critical to aid in detection and to minimize the impact. The newest release of Cygna Auditor adds the ability to forward plain language events to SIEM systems in a standard syslog format or structured view. This makes the audit information easier for operational and security teams to understand and consume, so they can make decisions and react quickly. The structured view normalizes the audit data in the SIEM by the who (account that made the change), what (the object/attribute that was changed, with before and after values), where (the system where the change was applied) and when (the time the change was made). Essentially, Cygna Auditor provides SIEM systems with a data translation layer service that converts non-human-readable raw log data into plain language values as the events occur.

 

 

Cygna Identity

Many organizations have a multitude of systems and applications that do not share a single identity store. Some systems are required to be separate for regulatory or geopolitical reasons, and as such, a single admin or user may have numerous separate user accounts to use or manage these systems. The new 2.0 release of Cygna Auditor has a new feature called Cygna Identity to unify these accounts. This feature provides the ability to group multiple user accounts from hybrid and multi-cloud systems into a single searchable identity. No other auditing solution currently provides a single view of the individual’s activities across these separate accounts. The new Cygna Identity feature enables organizations to quickly see an individual’s activities across multiple accounts.

 

Additional 2.0 Features

  • PBMS Connector AD Delegation and Scoping
    • Active Directory delegation and scoping will now also apply to AD audit data from the PBMS connector
  • RSAT Extensions (Remote Server Administration Tools)
    • Integration into the ADUC and GPMC consoles to launch a Cygna audit trail or perform a rollback from these native administration tools through context-sensitive menu options
  • Daily Status Emails
    • Anonymized system status emails that can be sent to administrators, integrators or partners to inform them of high-level system function and performance

 

Stay tuned for additional blog posts that will go into greater detail on the SIEM forwarding and Cygna Identity features.