ObserveIT

ObserveIT is an Insider Threat Management solution. ObserveIT protects against data loss, malicious acts, and brand damage involving insiders acting maliciously, negligently, or unknowingly. ObserveIT correlates activity and data movement, empowering security teams to identify user risk, detect and respond to insider-led data breaches, and accelerate security incident response.

Configuring the Connector for ObserveIT

To configure Lucidum to ingest data from ObserveIT:

1. Log in to Lucidum.

2. In the left pane, click Connector.

3. In the Connector page, click Add Connector.

4. Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.

5. In the Settings page, enter the following:

   • MSSQL Server (required) - The DNS / IP Address of the Microsoft SQL Server your ObserveIT instance is using.

     • To use a specific named instance, the value supplied should be in the following format: {server_host}\{instance_name}.

     • If no instance is supplied, the default instance will be used.

   • Port (optional, default: 1433) - The port used for the connection.

   • Database (required) - The name of the database inside the SQL Server.

   • User Name (required) - A user name with read-only permissions.

     • Best practice is to create a dedicated SQL local user for Lucidum. For details, see https://docs.axonius.com/docs/microsoft-sql-server-mssql#creating-a-local-readonly-user-for-microsoft-sql-server .

     • If you are using a domain user, specify the domain and the user name in the following format: domain\username.

   • Password (required) - The user's password. The password must not include ";".

   • Verify SSL. For future use.

6. To test the configuration, click Test.

   • If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.

   • If the connector is not configured correctly, Lucidum displays an error message.