Exercise 4: Viewing the History tab
Each of the Administrative Tools views has a History tab that allows you to view or export the details of each operation that has affected a selected item.
To view the transaction history of an account
- In Assets, select a managed system.
- Select the History tab to view the transaction history.
- Poke around and notice that each of the Administrative Tools (Account, Assets, Partitions, Users, and so on.) has a History tab.
- Log out.
Exercise 5: Using the Activity Center
The Activity Center is the place to go for troubleshooting issues. The appliance records all activities performed within Safeguard for Privileged Passwords. Any administrator has access to the audit log information; however, your administrator permission set determines what audit data you can access.
To run an activity report
-
Log in as the Auditor.
NOTE: The Auditor has read-only access to all features.
- From the Home page, navigate to the Activity Center.
- Use the default query settings: I would like to see all activity occurring within the last 24 hours.
- Click Run.
- Explore the results.
- Double-click an event to see more details then double-click to close the details.
To filter the content
- Open the User filter list and select AssetAdmin.
- Sort the records so the latest time is listed first.
- Double-click a password event to view the details of the event.
Stay logged in as the Auditor for the next exercise.
Exercise 6: Auditing access requests
The Request Workflow dialog allows you to audit the transactions that took place within a password release or session request. This dialog can be accessed using the Workflow button in the Activity Center view when an access request event is selected in an activity audit log report.
The Workflow button also appears to reviewers for completed access requests.
To view the request workflow for a password release or session request
- Log in as the Auditor.
- From the Home page, navigate to the Activity Center.
- Run an activity audit log report.
-
On the results page, select an access request event and click Workflow.
The Request Workflow dialog displays the workflow transactions from request to approval to review.
- Select Show Details to view more information about the request, approval, and review transactions of that request.
Stay logged in as the Auditor for the next exercise.
Exercise 7: Running reports
Reports allows the Auditor and Security Policy Administrators to view and export entitlement reports that show which assets and accounts a selected user is authorized to access. Reports may be exported in .csv or .json format.
Entitlement reports
Safeguard for Privileged Passwords provides these entitlement reports.
- User: Lists information about the accounts a selected user is authorized to request.
- Asset: Lists information about the accounts associated with a selected asset and the users who have authorization to request those accounts.
- Account: Lists detailed information about the users who have authorization to request a selected account including: Entitlement, Policy, Access Type, Password Included, Password Change, Time Restrictions, Expiration Date, Group, From Linked Account, and Last Accessed.
To run an entitlement report
- As Auditor, select Reports from the Safeguard for Privileged Passwords desktop Home page.
- Choose to view entitlements by Asset.
- Browse to select all assets and click OK.
- In the top pane of the results screen, select an asset to see the details.
- View both the Total Accounts tab and the People tab.
- Select an item from the results to drill down into the details about the users and the accounts.
- Click Export to create a file of the search results in a location of your choice.
- Log out.