How CA IT PAM Integration Works
Assume the following setup has occurred:
- You have configured CA IT PAM on the Report Server configuration page and specified the event/alert output process to run.
- You have scheduled an alert with CA IT PAM as a destination and specified to run the process once per row. For parameters that allow entry of summary and description statements, you entered statements that included CEG fields.
- You have scheduled another alert with CA IT PAM as a destination and specified to run the process once per query. For parameters that allow entry of summary and description statements, you entered literal text.
The end-to-end process involves actions by multiple sources:
- The generation of raw events by event sources
- The collection and refinement of events by CA Enterprise Log Manager
- The generation of alerts when refined events meet query criteria by CA Enterprise Log Manager
- The sending of event and alert output by CA Enterprise Log Manager to CA IT PAM
- The running of the configured event/alert output process by CA IT PAM on a third-party system
- One of the following:
  - An evaluation of the data by a user of the third-party system, who determines the correct action and takes it.
  - An automated response by that third-party system to the occurrence of the events.
A summary of the processing follows:
- Event sources generate raw events.
- Agents collect some of these raw events based on their connectors and transfer the raw events to a collection server.
- The collection server normalizes and classifies the raw events and transfers the refined events to a reporting server.
For example, when a configuration change is made on any system, a log is created and classified as a configuration change. The event captures the time of the change, the host where the change was made, the user who performed the change, and the result of the change attempt.
- The reporting server runs the queries selected for each scheduled alert.
- When refined events meet the query criteria, the reporting server generates an alert and transfers the following information to CA IT PAM:
  - Alert details
  - Displayed process parameters and their values
  - CEG fields sent for undisplayed process parameters
  - Event details
    - For per-row processing, event details are conveyed by the entries in the fields available for summary and description statements, where users describe the event with the CEG field variables that compose the query selected for the alert.
    - For per-query processing, event details are conveyed with a URL to a CA Enterprise Log Manager page that displays event details at the row level.
- If the send is successful, CA IT PAM continues processing as defined in the configured event/alert output process.
- If the third-party product is CA Service Desk and the process is the sample event/alert output process, the following occurs:
  - A help desk ticket is opened and assigned a number. Fields on the ticket are populated with the parameter values from the alert definition. If a URL is received, it is displayed with the summary statement.
  - CA Service Desk returns the ticket number to CA IT PAM.
  - CA IT PAM passes the ticket number back to CA Enterprise Log Manager.
  - CA Enterprise Log Manager displays the ticket number as a self-monitoring event.
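The difference between running the process once per row and once per query is easiest to see in code. The following is an added illustrative model, not code from CA Enterprise Log Manager or CA IT PAM: the sample events, the field names used as stand-ins for CEG fields, the query, the alert definitions and the event-details URL are all constructed for this example. It shows how a per-row alert fans out into one output (and so one ticket) per matching event with CEG variables substituted into the summary and description, while a per-query alert produces a single output carrying literal text plus a URL to the row-level details.

```python
"""Illustrative model of per-row versus per-query alert output (added example)."""
from dataclasses import dataclass, field
from typing import Callable

# Constructed refined events in the shape the text describes for a configuration
# change: time, host, user and result. Key names are illustrative stand-ins for
# CEG fields, not the product's actual schema.
REFINED_EVENTS = [
    {"event_time": "2024-01-10T09:15:02Z", "event_class": "configuration_change",
     "source_hostname": "app01.example.test", "source_username": "alice",
     "event_result": "success"},
    {"event_time": "2024-01-10T09:16:40Z", "event_class": "configuration_change",
     "source_hostname": "db02.example.test", "source_username": "bob",
     "event_result": "failure"},
    {"event_time": "2024-01-10T09:17:11Z", "event_class": "authentication",
     "source_hostname": "db02.example.test", "source_username": "bob",
     "event_result": "failure"},
]

# Constructed placeholder for the page that shows event details at row level.
DETAIL_URL = "https://elm.example.test/alert-events?alert=config-change-watch"

MAX_VALUE_LEN = 200


def _clean(value) -> str:
    """Values substituted into ticket text come from log data, so keep them to
    printable characters and cap their length before they reach the ticket."""
    text = "".join(ch for ch in str(value) if ch.isprintable())
    return text[:MAX_VALUE_LEN]


class _EventFields(dict):
    """Mapping used for substitution: cleans known fields, leaves unknown
    variables visible as {name} instead of failing the whole alert."""

    def __getitem__(self, key):
        return _clean(super().__getitem__(key))

    def __missing__(self, key):
        return "{" + key + "}"


def render(template: str, event: dict) -> str:
    """Substitute CEG-style {field} variables from one refined event."""
    return template.format_map(_EventFields(event))


@dataclass
class AlertDefinition:
    name: str
    query: Callable[[dict], bool]   # the query selected for the alert
    mode: str                       # "per_row" or "per_query"
    summary: str                    # summary statement entered by the user
    description: str                # description statement entered by the user
    displayed_params: dict = field(default_factory=dict)


def build_output(alert: AlertDefinition, events: list, detail_url: str) -> list:
    """Return the list of payloads the reporting server would hand to CA IT PAM."""
    matches = [e for e in events if alert.query(e)]
    if not matches:
        return []  # query criteria not met: no alert, nothing sent
    if alert.mode == "per_row":
        # One process run per matching row; CEG variables are filled per event.
        return [{
            "alert": alert.name,
            "summary": render(alert.summary, e),
            "description": render(alert.description, e),
            "parameters": dict(alert.displayed_params),
        } for e in matches]
    if alert.mode == "per_query":
        # One process run per query; text is literal and details live behind the URL.
        return [{
            "alert": alert.name,
            "summary": alert.summary,
            "description": alert.description,
            "event_details_url": detail_url,
            "row_count": len(matches),
            "parameters": dict(alert.displayed_params),
        }]
    raise ValueError(f"unknown mode {alert.mode!r}")


# Constructed alert definitions mirroring the two scheduled alerts in the text.
PER_ROW_ALERT = AlertDefinition(
    name="config-change-watch",
    query=lambda e: e["event_class"] == "configuration_change",
    mode="per_row",
    summary="Configuration change on {source_hostname} by {source_username}: {event_result}",
    description="At {event_time}, {source_username} changed configuration on {source_hostname}.",
    displayed_params={"priority": "3"},
)

PER_QUERY_ALERT = AlertDefinition(
    name="config-change-watch",
    query=lambda e: e["event_class"] == "configuration_change",
    mode="per_query",
    summary="Configuration changes detected; see linked event details",
    description="Review the rows on the linked page.",
    displayed_params={"priority": "3"},
)

if __name__ == "__main__":
    for payload in build_output(PER_ROW_ALERT, REFINED_EVENTS, DETAIL_URL):
        print("per_row:", payload["summary"])
    for payload in build_output(PER_QUERY_ALERT, REFINED_EVENTS, DETAIL_URL):
        print("per_query:", payload["summary"], payload["event_details_url"])
```

With the constructed events, the per-row alert yields two payloads (the authentication event does not match the query) and the per-query alert yields one; the ticket count on the CA Service Desk side follows the same fan-out, which is the practical reason to choose one mode over the other for noisy queries.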