Storage Integration

FlashBlade/FlashArray Integration

This section describes how to integrate Data Security Essentials with your FlashBlade/FlashArray storage system.

note

FlashBlade sends syslog messages over UDP or TCP, while FlashArray sends audit events exclusively using TCP.

Enabling Data Stream

CLI Method

1. Log into Console

   SSH into the FlashBlade/FlashArray console

2. Create Syslog Entry

   For FlashBlade, create a syslog server entry using UDP:

   purelog create –uri udp://<ip-address-of-superna-dses-server> –services data-audit superna-dses-syslog-server

   For FlashArray, create a syslog server entry using TCP:

   purelog syslog create --uri tcp://<ip-address-of-superna-dses-server> --services data-audit superna-dses-syslog-server

3. Create Audit Policy

   For FlashBlade, create the audit policy:

   purepolicy audit file create superna-dses-syslog-audit –log-targets superna-dses-syslog-server

   For FlashArray, create the audit policy with a different syntax:

   purepolicy audit file create --targets superna-dses-syslog-server superna-dses-syslog-audit

4. Assign Policy

   For FlashBlade, assign the policy at the file system level:

   purepolicy audit file add superna-dses-syslog-audit –fs <file-system-name>

   For FlashArray, assign the policy at the directory level:

   purepolicy audit file add --dir <directory-name> superna-dses-syslog-audit

5. Verify Configuration

   Navigate to Settings -> Monitoring to verify the syslog entry

Pure Console Method

1. Navigate to Monitoring

   Go to Settings -> Monitoring and create a new syslog

2. Enter Server Address

   Enter the IP address of the Windows Server where Data Security Essentials is installed

3. Configure Audit Policy

   For FlashBlade:
   Go to Policies -> Audit and create the audit policy

   For FlashArray:
   Go to Storage -> Policies -> Audit Policies and create the audit policy

4. Assign Policy

   For FlashBlade Click on the policy and assign file systems to it

   For FlashArray
   Click on the policy and assign directories to it

Configuring Windows Auditing Permissions

1. Access Properties

   Right-click on the file system in Windows Explorer and select Properties

2. Open Security Settings

   Navigate to the Security tab and click Advanced

3. Access Auditing Tab

   Go to the Auditing tab and add or edit an entry

4. Configure Permissions

   Choose Domain Users as the Principal, set Type to All, and permissions to Full Control

Adding the Storage Device

1. Configure Pure Console

   1. Create User
      Navigate to Settings > Users and create a new user named superna

   2. Copy API Token
      Copy the generated API Token that you'll need for Data Security Essentials

2. Add New Device in Data Security Essentials
   Go to the Inventory list and click + Device

3. Configure Device
   Fill in the device details in the form

   • Device Name: A descriptive name for your storage device
   • Device Type: Select FlashBlade or FlashArray
   • Description: Information about your device
   • Managed by: Select the appliance that will manage this device
   • API URL: Enter the management interface URL or IP address
   • API Token: Paste the token copied from Pure Console