Repeated alerts related IAM

book

Article ID: 205553

calendar_today

Updated On:

Products

CLOUDTEST CA Application Test CA Cloud Test Mobile MOBILECLOUD Service Virtualization

Issue/Introduction

Security teams report the below alerts and want to know these are legitimate?

d:\\devtest10.6\\jre\\bin\\java\"  -Dprogram.name=standalone.bat  -Diam.keystore.password=${VAULT::IAM::IAM_KEYSTORE_PASSWORD::1} -DIAM_HOME=D:\\DevTest10.6\\IdentityAccessManager\\ -Diam.db.password=${VAULT::IAM::IAM_DB_PASSWORD::1} -Diam.vault.enc.iteration.count=120 -Diam.db.vendor=h2 -Diam.vault.keystore.password.masked=MASK-7DscHYCAzRJgjgpBba72IwRGfBaq4CFF70uETVutVDX -Diam.truststore.password=${VAULT::IAM::IAM_TRUSTSTORE_PASSWORD::1} -Diam.keystore=D:\\DevTest10.6\\IdentityAccessManager\\certs/webreckeys.ks -Diam.vault.keystore.salt=6zqH6N6p -Diam.truststore=D:\\DevTest10.6\\IdentityAccessManager\\certs/iam-truststore.ks -Diam.vault.enc.file.dir=D:\\DevTest10.6\\IdentityAccessManager\\vault/ -Diam.vault.keystore.alias=vault -Diam.vault.keystore.url=D:\\DevTest10.6\\IdentityAccessManager\\vault/vault.keystore -Diam.db.user=sa -Djboss.http.port=51112 -Djboss.https.port=51111 -Djboss.bind.address.management=0.0.0.0 -Djboss.bind.address=0.0.0.0 -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=iam-updater -Dkeycloak.migration.dir=../realms-to-import -Dkeycloak.migration.strategy=IGNORE_EXISTING -Diam.version=1.3.2 -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true    \"-Dorg.jboss.boot.log.file=D:\\DevTest10.6\\IdentityAccessManager\\standalone\\log\\server.log\"    \"-Dlogging.configuration=file:D:\\DevTest10.6\\IdentityAccessManager\\standalone\\configuration/logging.properties\"       -jar \"D:\\DevTest10.6\\

If the command is legitimate, what activity triggered the system to start alerting and why is it triggering so often

 

Cause

May be some changes happened on the Security scanner side which might be showing the alerts.

Environment

Release : 10.6

Component : CA Service Virtualization

Resolution

The messages are legitimate and will not cause any issue. The alerts are related to the command line information of the IAM process. See the below screenshot of the Task Manager which shows what the alerts are reported.
.