Editing or deleting a saved search or scheduled report
Click the Open toolbar button to display a list of saved searches and scheduled reports. From this dialog, you can delete or edit a saved search or scheduled report.
- From the Safeguard for Privileged Passwords desktop Home page, select Activity Center.
From the Activity Center dialog, click Open.
The Select a Saved Search dialog displays, which contains a list of all saved searches and scheduled reports including the Name, Description, Schedule, and saved Format (.csv or .json).
Select a saved search or scheduled report from the list.
The search criteria defined for the search or report appear in the right pane.
Click one of the toolbar buttons or right-click commands.
- Edit Schedule
If you selected Delete, click Yes in the confirmation dialog.
The selected search or schedule will be removed from the list.
Depending on the type of search selected (saved search or scheduled report), the following editing capabilities are available:
Edit displays the Save Search dialog, allowing you to modify the name and description for a saved search or schedule. The Edit button is available for a saved search or a scheduled reports with an interval of Never.
Edit Schedule displays the Schedule Report dialog, allowing you to modify the schedule settings for a scheduled report. The Edit Schedule button is available for a saved search or a scheduled report. Using the command for a saved search allows you to convert it to a scheduled report.
NOTE: Clicking the Open button at the bottom of the Select a Saved Search dialog closes the dialog and returns you to the Activity Center view, where the query tiles for the selected search or report appear. You can then select Run to generate the report.
Viewing event details
Additional detailed information is available for some activity events.
To see the details of a specific event
- Double-click an event to view additional details.
- On Password management events, select Details to see the details of the password change or check tasks.
- Double-click to close the event details.
Auditing request workflow
In addition to reviewing activity, you can use the Activity Center to audit the transactions that occurred during the request workflow process, from request to approval to review. For session requests, you can also play back a recorded or live session if Record Sessions is enabled in the entitlement's policy.
If you are an authorized reviewer, you can audit an access request's workflow of a completed request awaiting review from the Home page as well.
To audit request workflow
Open the Activity Center, use the query tiles to specify the content of the report, and click Run.
TIP: You can change the activity category tile to specify that you want to see Access Request Activity, Session Specific Activity events, or both.
Select an access request event and click Workflow to audit the transactions that occurred during the request's workflow from request to approval to review.
TIP: If you ran an all activity report, use the filter in the Events column to locate the access request activities.
For session requests that have Record Session enabled in the policy, you can play back a recorded or active session:
Locate an access request session event and click Play to launch the Safeguard for Privileged Passwords Desktop Player. The following activities may be available to you:
- A (green dot) indicates the session is "live". A user with Security Policy Administrator permissions can click this icon to follow an active session.
- If the session recording has been archived and removed from the local Safeguard for Privileged Passwords file system, you will see a Download button instead of a Play button. Click Download to download the recording and then click Play.
- Accept the certificate to continue.
Use one of the following methods to play back the session recording:
- Click Play Channel from the toolbar at the top of the player.
- Click the thumbnail in the upper right corner of the Information page.
- Click Play Channel next to a channel in the Channels pane.
For SSH session requests that have the Enable Command Detection option selected in the policy, you can review a list of the commands and programs run during the session.
For RDP session requests that have the Enable Windows Title Detection option selected in the policy, you can review a list of all the windows opened on the desktop during the privileged session.
- Click the Sessions Events link above the transaction grid to view a list of all the session events and recordings available for the selected session.
- To see the individual events that occurred during a particular Initialize Session transaction:
- Click Show Details to display additional information about the Initialize Session event, including Session Events.
- Click the events link to view the commands and programs run during that particular Initialize Session event
The Session Events dialog displays listing the events with a time stamp showing when the event occurred as well as in which recording if multiple recordings were created.
Filtering report results
To find information in an activity audit log report or entitlement report, use the controls in the grid heading row to filter the data. When a column has selected filter criteria, Safeguard for Privileged Passwords highlights the filter symbol.
To filter columns
- Click Filter to open the filter list.
Select individual objects in the filter list to display specific information.
NOTE: You can also choose the Select All check box at the top of the filter list and clear individual objects.