Chat now with support
Chat mit Support

Safeguard for Privileged Passwords On Demand Hosted - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Generating an activity audit log report

To generate an activity audit log report

  1. From the Safeguard for Privileged Passwords desktop Home page, select Activity Center.

  2. Use the query tiles to specify the content of the report. By default the audit log returns all activity occurring within the last 24 hours. For more information, see Applying search criteria.

  3. Click Run.

    The information displayed by default depends on the type of activity report generated. (You can change the columns displayed by selecting the Columns in the upper right of the window.)

    For example, the "All Activity" report displays the following information for each event.

    • State: The left-most column displays one of the following regarding the availability of a recorded session:
      • Blank: Indicates that there is no recorded session available.
      • (green dot): Indicates that a live session is taking place. A Security Policy Administrator can click this button to launch the Desktop Player to follow what is happening in the current session.
      • Play: Indicates that there is a recorded session available locally on the appliance. Clicking this button launches the Desktop Player to play back the selected recording.

      • Download: Indicates that there is a recorded session available on the archive server. Clicking this button downloads the recording for play back.

      NOTE: These icons only appear on an "All Activity" or "Session Specific Activity" report.

    • User: The name of the user who triggered the event.
    • Date: The date and time the event occurred.
    • Activity Category: The category that defines the type of activity that occurred.

    • Event: The event that occurred. Double-click an event to view or hide event details.

Actions once a report is generated

Once a report is generated, you can use the buttons above the grid as described below.

  • Time frames: To rerun the report using a different time frame, select one of the following links, specify the time range, then click Run.
    • Last 24 Hours (default)
    • Last 7 Days
    • Last 30 Days
    • Last 60 Days
    • Last 90 Days

    • Custom

  • Workflow: Select an access request event and click Workflow to audit the transactions that occurred during the request's workflow from request to approval to review. For session requests, you can also replay a recorded session or live session from the Request Workflow dialog. For more information, see Replaying a session.
  • Run: Select to generate the report using the specified time frame.
  • Export: Right-click to select Export as CSV or Export as JSON to the location of your choice. Different information may be returned based on whether you select CSV or JSON. For example, JSON includes details of accounts discovered and CSV includes only the count of accounts. The time is set according to the user time zone. You can convert timestamps another time, if necessary. For more information, see Converting time stamps.
  • Schedule: Select to schedule the generation of the activity audit log report. For more information, see Scheduling an activity audit log report.
  • Save: Select to save the current search criteria to reuse the search later. For more information, see Saving search criteria.
  • Column: Select to display a list of columns that can be displayed in the grid. Select the check box for data to be included in the report. Clear the check box for data to be excluded from the report. The additional columns available depend on the type of activity included in the report.

Scheduling an activity audit log report

Safeguard for Privileged Passwords allows you to schedule the generation of an activity audit log report, which will then be sent via email. The emailed report will be an attachment in the selected .csv or .json format.

To schedule an activity audit log report

  1. From the Safeguard for Privileged Passwords desktop Home page, select Activity Center.
  2. Specify the search criteria to be used to generate the desired report. For more information, see Applying search criteria.
  3. Click Schedule.
  4. If the Configure Email dialog displays, click Configure Email to add your email in the My Account dialog. (The email server must be configured in Safeguard for emails to be sent.)
  5. In the Schedule Report dialog, enter the following information:
    1. Name: Enter a name for the report.
    2. Description: Optionally, enter descriptive text for the report.

    3. Send To: Read-only field displaying the email address of the user currently logged into the Safeguard for Privileged Passwords client. This field is required. If this field is blank, you must set your email address in My Account. For more information, see User information and log out (desktop client).

    4. Select a Report Format, which can be CSV or JSON. Different information may be returned based on whether you select CSV or JSON. For example, JSON includes details of accounts discovered and CSV includes only the count of accounts.
    5. Select the Detailed Report check box to generate a longer, more detailed report.

    6. To set the schedule, select Run Every to run the job per the run details you enter. (If you deselect Run Every, the schedule details are lost.)

      • Configure the following.

        To specify the frequency without start and end times, select from the following controls. If you want to specify start and end times, go to the Use Time Window selection in this section.

        Enter a frequency for Run Every. Then, select a time frame:

        • Minutes: The job runs per the frequency of minutes you specify. For example, Every 30 Minutes runs the job every half hour over a 24-hour period. It is recommended you do not use the frequency of minutes except in unusual situations, such as testing.

        • Hours: The job runs per the minute setting you specify. For example, if it is 9 a.m. and you want to run the job every two hours at 15 minutes past the hour starting at 9:15 a.m., select Runs Every 2 Hours @ 15 minutes after the hour.

        • Days: The job runs on the frequency of days and the time you enter.

          For example, Every 2 Days Starting @ 11:59:00 PM runs the job every other evening just before midnight.

        • Weeks The job runs per the frequency of weeks at the time and on the days you specify.

          For example, Every 2 Weeks Starting @ 5:00:00 AM and Repeat on these days with MON, WED, FRI selected runs the job every other week at 5 a.m. on Monday, Wednesday, and Friday.

        • Months: The job runs on the frequency of months at the time and on the day you specify.

          For example, If you select Every 2 Months Starting @ 1:00:00 AM along with First Saturday of the month, the job will run at 1 a.m. on the first Saturday of every other month.

      • Select Use Time Windows if you want to enter the Start and End time. You can click Add or Remove to control multiple time restrictions. Each time window must be at least one minute apart and not overlap.

        For example, for a job to run every ten minutes every day from 10 p.m. to 2 a.m., enter these values:

        Enter Every 10 Minutes and Use Time Windows:

        • Start 10:00:00 PM and End 11:59:00 PM

        • Start 12:00:00 AM and End 2:00:00 AM

          An entry of Start 10:00:00 PM and End 2:00:00 AM will result in an error as the end time must be after the start time.

        If you have selected Days, Weeks, or Months, you will be able to select the number of times for the job to Repeat in the time window you enter.

        For a job to run two times every other day at 10:30 am between the hours of 4 a.m. and 8 p.m., enter these values:

        For days, enter Every 2 Days and set the Use Time Windows as Start 4:00:00 AM and End 8:00:00 PM and Repeat 2.

      • (UTC) Coordinated Universal Time is the default time zone. Select a new time zone, if desired.

      If the scheduler is unable to complete a task within the scheduled interval, when it finishes execution of the task, it is rescheduled for the next immediate interval.

  6. Click Schedule Report.

Editing or deleting a saved search or scheduled report

Click the Open toolbar button to display a list of saved searches and scheduled reports. From this dialog, you can delete or edit a saved search or scheduled report.

  1. From the Safeguard for Privileged Passwords desktop Home page, select Activity Center.

  2. From the Activity Center dialog, click Open.

    The Select a Saved Search dialog displays, which contains a list of all saved searches and scheduled reports including the Name, Description, and Schedule.

  3. Select a saved search or scheduled report from the list. The search criteria defined for the search or report appear in the right pane.

  4. Click one of the toolbar buttons or right-click commands.

    • Delete then click Yes in the confirmation dialog to delete the saved search.
    • Edit to display the Save Search to modify the name and description for a saved search or schedule. The Edit button is available for a saved search or a scheduled reports with an interval of Never.
    • Edit Schedule to displays the Schedule Report dialog to modify the schedule settings for a scheduled report. The Edit Schedule button is available for a saved search or a scheduled report. Using the command for a saved search allows you to convert it to a scheduled report.

NOTE: Clicking the Open button at the bottom of the Select a Saved Search dialog closes the dialog and returns you to the Activity Center view, where the query tiles for the selected search or report appear. You can then select Run to generate the report.

Viewing event details

Additional detailed information is available for some activity events.

To see the details of a specific event

  1. Double-click an event to view additional details. Different event types may also display additional options such as:

    • On Password management events, select Details to see the details of the password change or check tasks.

    • On Access Request Session events, click More Info to open the event recording in Safeguard for Privileged Sessions.

  2. Double-click to close the event details.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen