Auditing request workflow
In addition to reviewing activity, you can use the Activity Center to audit the transactions that occurred during the request workflow process, from request to approval to review. For session requests, you can also play back a recorded or live session if Record Sessions is enabled in the entitlement's policy.
If you are an authorized reviewer, you can audit an access request's workflow of a completed request awaiting review from the Home page as well.
To audit request workflow
-
Open the Activity Center, use the query tiles to specify the content of the report, and click Run.
TIP: You can change the activity category tile to specify that you want to see Access Request Activity, Session Specific Activity events, or both.
-
Select an access request event and click Workflow to audit the transactions that occurred during the request's workflow from request to approval to review.
TIP: If you ran an all activity report, use the filter in the Events column to locate the access request activities.
-
For session requests that have Record Session enabled in the policy, you can play back a recorded or active session:
-
Locate an access request session event and click Play to launch the Safeguard for Privileged Passwords Desktop Player. The following activities may be available to you:
- A (green dot) indicates the session is "live". A user with Security Policy Administrator permissions can click this icon to follow an active session.
- If the session recording has been archived and removed from the local Safeguard for Privileged Passwords file system, you will see a Download button instead of a Play button. Click Download to download the recording and then click Play.
- Accept the certificate to continue.
-
Use one of the following methods to play back the session recording:
- Click Play Channel from the toolbar at the top of the player.
- Click the thumbnail in the upper right corner of the Information page.
- Click Play Channel next to a channel in the Channels pane.
-
For SSH session requests that have the Enable Command Detection option selected in the policy, you can review a list of the commands and programs run during the session.
For RDP session requests that have the Enable Windows Title Detection option selected in the policy, you can review a list of all the windows opened on the desktop during the privileged session.
- Click the Sessions Events link above the transaction grid to view a list of all the session events and recordings available for the selected session.
- To see the individual events that occurred during a particular Initialize Session transaction:
- Click Show Details to display additional information about the Initialize Session event, including Session Events.
- Click the events link to view the commands and programs run during that particular Initialize Session event
The Session Events dialog displays listing the events with a time stamp showing when the event occurred as well as in which recording if multiple recordings were created.
Filtering report results
To find information in an activity audit log report, ownership report, or entitlement report, use the controls in the grid heading row to filter the data. When a column has selected filter criteria, Safeguard for Privileged Passwords highlights the filter symbol.
To filter columns
- Click Filter to open the filter list.
-
Select individual objects in the filter list to display specific information.
NOTE: You can also choose the Select All check box at the top of the filter list and clear individual objects.
Sorting report results
Use the controls in the grid heading row to sort report results or rearrange the columns of data. An arrow in the column heading identifies the sort criteria and order, ascending or descending, being used to display information.
To sort columns
- Click the column heading to be used for the sort criteria.
- The sort order is in ascending order. To change it to descending order, click the heading a second time.
- To specify a secondary sort order, press the SHIFT key and then click the heading of the column to be used for the secondary sort order.
To move columns
To change the order of the columns, click the heading of the column to be moved. Drag and drop the column to a new location within the grid.
To change the columns that display
In the upper right corner, click Column to see a list of columns that can be displayed in the grid. Select the check box for data to be included in the report. Clear the check box for data to be excluded from the report. The additional columns available depend on the type of activity included in the report.
Search box
Whether you are using the desktop client or web client, the search box can be used to filter the data being displayed. When you enter a text string into the search box, the results include items that have a string attribute that contains the text that was entered. This same basic search functionality is also available for many of the detail panes and dialogs, allowing you to filter the data displayed in the associated pane or dialog.
When searching for objects in the object lists, an attribute search functionality is also available where you can filter the results, based on a specific attribute. That is, the search term matches if the specified attribute contains the text. To perform an attribute search, click the icon to select the attribute to be searched.
Rules for using the search functionality:
- Search strings are not case-sensitive. Exception: in the web client, the Approvals and Reviews searches are case sensitive.
-
(Web client only) On the web client, when you click on the search icon in the search bar you will see a drop down of available search attributes (columns) for the grid. This can be used in conjunction with the entered search strings.
Some of the search attributes will also have an arrow to expand subsearches. These subsearches have pre-defined search strings.
- By default, results are displayed in alphabetical order.
- Wild cards are not allowed.
-
Try using quotes and omitting quotes. As you use the product, you will become familiar with the search requirements for the search fields you frequent. Safeguard may perform a general search (for example, omits quotes) or a literal search (for example, includes quotes). Example scenarios follow:
- When multiple search strings are included, all search criteria must be met in order for an object to be included in the results list. In the web client, if conflicting attributes are entered for the same search (for example, both true and false) then the results will expand to show all matches so long as they fit one of those attributes.
- When you combine a string search and an attribute search, the order they are entered into the search box matters. The attribute searches can be in any order, but the string search must come after the attribute searches.
- In large environments, you will see a result number to tell you how many objects match the criteria; however, only the first 200 objects will be retrieved from the server. When you scroll down the list, more objects will be retrieved (paged) as needed.
-
(Web client only) To search using dates and times in the web client, the following format is used: YYYY-MM-DDThh:mm:ss. For example, if you are searching for an entitlement that expires December 1, 2021 then you would use the following search: ExpirationDate:2021-12-01. To include a minimum and maximum value in a search, use .. to separate two values. For example, if you are searching for an entitlement that expires between December 1, 2021 and December 3, 2021 then you would use the following search: ExpirationDate:2021-12-01..2021-12-03.
To search for objects or object details
- Enter a text string in the Search box. As you type, the list displays items whose string attributes contain the text that was entered.
Examples:
- Enter T in the search box to search for items that contain the letter "T".
- Enter sse to list all items that contain the string "sse," (such as "Asset").
NOTE: The status bar along the bottom of the console shows the number of items returned.
-
To clear the search criteria, click Clear.
When you clear the search criteria, the original list of objects is displayed.
You can also Search by attribute.