Table of Contents
Overview
Integrating Arcon PIM with ADR enables secure log ingestion from Arcon’s database into ADR’s CCE (Collection and Control Engine), which then forwards data to the APE (Analytics and Policy Engine) for real-time monitoring, threat detection, and compliance reporting.
This integration provides:
Comprehensive visibility into privileged access activities.
Proactive detection of misuse or suspicious activities.
Centralized log management for audits and compliance.
Prerequisites
Before beginning, ensure:
- Access Requirements
- Administrative access to the PIM Arcon database.
- Administrative access to the ADR SIEM.
- Administrative access to the CCE server.
- Connectivity Requirements
- ADR CCE must have network connectivity to the PIM Arcon database (host and port must be reachable).
- Credentials
- Valid database username and password for PIM Arcon.
Configuration Steps
Step 1: Configure PIM Arcon Database Integration
Gather the following database details from your PIM Arcon environment:
Database Host (db_ip)
Database Port (db_port)
Database Name (db_name)
Table Name (table_name) where logs/events are stored
Step 2: Add PIM Arcon in ADR SIEM
Log in to the ADR SIEM UI.
Navigate to: Administration → Add-On Store.
Click on the Add button and select PIM Arcon from the device list.
Fill in the following fields:
| Field | Value / Instruction |
|---|---|
| Device | Select PIM Arcon from the device list |
| Name | Provide a friendly name (e.g., Arcon-PIM-DB) |
| CCE Host | Enter the IP address of your ADR CCE server |
| Access ID / Username | Enter the database username |
| Password / Secret Key | Enter the database password |
| Config (JSON) | Enter the following JSON:{"pimarcon_host": "db_ip", "pimarcon_port": "db_port", "pimarcon_databasename": "db_name", "pimarcon_tablename": "table_name"} |
Review the configuration for accuracy.
Click Save to complete the integration.
Verification (MSSP Only)
On ADR UI
- Log in to the ADR SIEM UI.
- Navigate: System → Logs and Flows Collection Status.
Verify that:
Source Device IP for PIM Arcon appears in the list.
Events from the PIM Arcon database are being ingested successfully.
On ADR CCE (CLI)
SSH into the CCE server.
Run the following commands.
otmdoc -s addondevice
crontab -l
Confirm that the PIM Arcon add-on script is listed and scheduled.
Notes:
Ensure that the database user provided has read permissions for the required tables in PIM Arcon.
JSON configuration must be properly formatted to avoid ingestion errors.
If logs are not visible:
Verify network connectivity from CCE → PIM Arcon database host/port.
Check database credentials for correctness.
Ensure that the specified table contains log/event data.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article