Blumira can be configured to ingest a stream of LastPass event data through the LastPass Enterprise API. If you have a LastPass Enterprise account, follow these steps to forward that account’s log stream to Blumira.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
To configure the Blumira module on the sensor in later steps, you must obtain a “Provisioning Hash” or API key from LastPass that provides Blumira access to your data through the LastPass Enterprise API. You also must obtain your CID (account number) from Lastpass by following the steps in Where can I find the CID (account number) and API secret?:
- Log in to https://admin.lastpass.com.
- Navigate to Advanced > Enterprise API.
- Click on Create Your Provisioning Hash and note the resulting value. This is your Lastpass API Secret.
- To obtain your CID (account number), return to the Enterprise API page. Under Authentication Parameters, your CID is listed as an authentication parameter. Take note of this numeric value.
Next, you will need to enable your Blumira sensor to connect to LastPass, using the API Secret and cid you obtained. This connection is managed through the LastPass module, which you will install on one of your Blumira sensors.
To add a module on an existing sensor and provide credentials:
- In Blumira, click Settings.
- Click Sensors.
- Click the sensor on which you want to add a module.
- On the detail page for the sensor, scroll down and click Add Module.
- In the Add New Module window, select the newest version of this integration's module. Note: For the best stability and performance, Blumira will update the module version when old versions are deprecated.
- Enter the credentials that you gathered in the "Before you begin" section above.
- (Optional) Type a name for this log deployment in the Log Source Name box. This name is what will appear in the "device_address" column in the results of your event data queries. If you might have additional modules collect logs for different integrations in the future, this will help you distinguish them. Note: The name can only contain alphanumeric characters, periods, and hyphens; no spaces or underscores are allowed.
- Click Install.