[midPoint] Send policy violation info to external system

Radovan Semancik radovan.semancik at evolveum.com
Thu Sep 10 10:48:46 CEST 2015


Hi Alexander,

Currently there is no easy off-the-shelf way to do this. But you 
have several options:

1) Use model clockwork hooks: 
https://wiki.evolveum.com/display/midPoint/Hooks
The hooks are invoked for all create/modify/delete actions that midPoint 
does. The hooks are currently used to integrate workflow, send 
notifications, etc. This might be a good place to implement ITSM system.

2) Use synchronization reactions. Currently there are several "built-in" 
reactions such as addFocus, deleteProjection, etc. But internally the 
reactions are pluggable and you can write your own plug-in. The plug-in 
can detect rough-grained policy violations (e.g. illegal accounts).

3) Simple ITSM integration may perhaps be done by using the audit subsystem. 
Audit implementations are also pluggable and you can write your own 
implementation that will send the events to ITSMS.

4) We might cooperate on this. Integration of IDM and ITSM/SIEM seems to 
be an interesting topic. If you are willing to contribute the code or if 
you have some financial incentive to help fund this branch of 
development I'm sure we can find a way to cooperate. The options are 
described here:

https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature

-- 
Radovan Semancik
Software Architect
evolveum.com



On 09/09/2015 02:22 PM, Alexander Omelchenko wrote:
> I’m working on integration of MidPoint with ITSM system. I need to 
> create new incident in ITSMS when there is policy violation with user 
> account in some resource.
> Is there any way to do this while there is no mark enforcement policy 
> implemented?




