Enterprise

AIM Server adds controls for regulated and high-assurance environments: privileged access management, vaulted credential retrieval and session recording through CyberArk, and forwarding to a SIEM. These features run in the self-hosted and AIM Cloud deployments.

Privileged access management

Capabilities are grouped into three privilege tiers. Higher tiers require human approval before an agent can act, and approvals are recorded in the audit log.

STANDARD

Routine capabilities. Authorized by policy and trust score without a human gate.

PRIVILEGED

Sensitive capabilities. Require an approval before the action runs.

SUPER_PRIVILEGED

The most sensitive capabilities. Require approval and are held to the strictest policy.

  • Approval gates: a privileged action pauses until an operator approves it in the dashboard.
  • Break-glass: an emergency access path for incidents, recorded as an emergency declaration.
  • Certification campaigns: periodic review of who holds which privileged capabilities.

CyberArk integration

AIM connects to CyberArk so credentials never live in agent code or configuration.

CCP

Central Credential Provider retrieval, so secrets are pulled from the vault at use time rather than stored.

PSM

Privileged Session Manager recording, so privileged sessions are captured for review.

SIEM adapters

AIM forwards audit events to a SIEM so authorization decisions and alerts land in the same place as the rest of your security telemetry.

Splunk

Delivery over the HTTP Event Collector (HEC).

Microsoft Sentinel

Delivery through the Data Collector API.

Both adapters batch events, retry on failure, and filter by severity so the volume forwarded matches your SIEM ingestion budget.

Related documentation

JIT access →Compliance →Observability →Installation →