Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.9 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Messaging settings (desktop client) Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Scheduling an activity audit log report

Safeguard for Privileged Passwords allows you to schedule the generation of an activity audit log report, which will then be sent via email. The emailed report will be an attachment in the selected .csv or .json format.

To schedule an activity audit log report

  1. From the Safeguard for Privileged Passwords desktop Home page, select Activity Center.
  2. Specify the search criteria to be used to generate the desired report. For more information, see Applying search criteria.
  3. Click Schedule.
  4. If the Configure Email dialog displays, click Configure Email to add your email in the My Account dialog. (The email server must be configured in Safeguard for emails to be sent.)
  5. In the Schedule Report dialog, enter the following information:
    1. Name: Enter a name for the report.
    2. Description: Optionally, enter descriptive text for the report.
    3. Send To: Read-only field displaying the email address of the user currently logged into the Safeguard for Privileged Passwords client. This field is required. If this field is blank, you must set your email address in My Account. For more information, see User information and log out (desktop client).

    4. Select a Report Format, which can be CSV or JSON. Different information may be returned based on whether you select CSV or JSON. For example, JSON includes details of accounts discovered and CSV includes only the count of accounts.
    5. Select the Detailed Report check box to generate a longer, more detailed report.
    6. To set the schedule, select Run Every to run the job per the run details you enter. (If you deselect Run Every, the schedule details are lost.)

      • Configure the following.

        To specify the frequency without start and end times, select from the following controls. If you want to specify start and end times, go to the Use Time Window selection in this section.

        Enter a frequency for Run Every. Then, select a time frame:

        • Minutes: The job runs per the frequency of minutes you specify. For example, Every 30 Minutes runs the job every half hour over a 24-hour period. It is recommended you do not use the frequency of minutes except in unusual situations, such as testing.
        • Hours: The job runs per the minute setting you specify. For example, if it is 9 a.m. and you want to run the job every two hours at 15 minutes past the hour starting at 9:15 a.m., select Runs Every 2 Hours @ 15 minutes after the hour.

        • Days: The job runs on the frequency of days and the time you enter.

          For example, Every 2 Days Starting @ 11:59:00 PM runs the job every other evening just before midnight.

        • Weeks The job runs per the frequency of weeks at the time and on the days you specify.

          For example, Every 2 Weeks Starting @ 5:00:00 AM and Repeat on these days with MON, WED, FRI selected runs the job every other week at 5 a.m. on Monday, Wednesday, and Friday.

        • Months: The job runs on the frequency of months at the time and on the day you specify.

          For example, If you select Every 2 Months Starting @ 1:00:00 AM along with First Saturday of the month, the job will run at 1 a.m. on the first Saturday of every other month.

      • Select Use Time Windows if you want to enter the Start and End time. You can click Add or Remove to control multiple time restrictions. Each time window must be at least one minute apart and not overlap.

        For example, for a job to run every ten minutes every day from 10 p.m. to 2 a.m., enter these values:

        Enter Every 10 Minutes and Use Time Windows:

        • Start 10:00:00 PM and End 11:59:00 PM
        • Start 12:00:00 AM and End 2:00:00 AM

          An entry of Start 10:00:00 PM and End 2:00:00 AM will result in an error as the end time must be after the start time.

        If you have selected Days, Weeks, or Months, you will be able to select the number of times for the job to Repeat in the time window you enter.

        For a job to run two times every other day at 10:30 am between the hours of 4 a.m. and 8 p.m., enter these values:

        For days, enter Every 2 Days and set the Use Time Windows as Start 4:00:00 AM and End 8:00:00 PM and Repeat 2.

      • (UTC) Coordinated Universal Time is the default time zone. Select a new time zone, if desired.

      If the scheduler is unable to complete a task within the scheduled interval, when it finishes execution of the task, it is rescheduled for the next immediate interval.

  6. Click Schedule Report.

Editing or deleting a saved search or scheduled report

Click the Open toolbar button to display a list of saved searches and scheduled reports. From this dialog, you can delete or edit a saved search or scheduled report.

  1. From the Safeguard for Privileged Passwords desktop Home page, select Activity Center.
  2. From the Activity Center dialog, click Open.

    The Select a Saved Search dialog displays, which contains a list of all saved searches and scheduled reports including the Name, Description, and Schedule.

  3. Select a saved search or scheduled report from the list. The search criteria defined for the search or report appear in the right pane.

  4. Click one of the toolbar buttons or right-click commands.

    • Delete then click Yes in the confirmation dialog to delete the saved search.
    • Edit to display the Save Search to modify the name and description for a saved search or schedule. The Edit button is available for a saved search or a scheduled reports with an interval of Never.
    • Edit Schedule to displays the Schedule Report dialog to modify the schedule settings for a scheduled report. The Edit Schedule button is available for a saved search or a scheduled report. Using the command for a saved search allows you to convert it to a scheduled report.

NOTE: Clicking the Open button at the bottom of the Select a Saved Search dialog closes the dialog and returns you to the Activity Center view, where the query tiles for the selected search or report appear. You can then select Run to generate the report.

Viewing event details

Additional detailed information is available for some activity events.

To see the details of a specific event

  1. Double-click an event to view additional details. Different event types may also display additional options such as:

    • On Password management events, select Details to see the details of the password change or check tasks.

    • On Access Request Session events, click More Info to open the event recording in Safeguard for Privileged Sessions.

  2. Double-click to close the event details.

Auditing request workflow

In addition to reviewing activity, you can use the Activity Center to audit the transactions that occurred during the request workflow process, from request to approval to review. For session requests, you can also play back a recorded or live session if Record Sessions is enabled in the entitlement's policy.

If you are an authorized reviewer, you can audit an access request's workflow of a completed request awaiting review from the Home page as well.

To audit request workflow

  1. Open the Activity Center, use the query tiles to specify the content of the report, and click Run.

    TIP: You can change the activity category tile to specify that you want to see Access Request Activity, Session Specific Activity events, or both.

  2. Select an access request event and click Workflow to audit the transactions that occurred during the request's workflow from request to approval to review.

    TIP: If you ran an all activity report, use the filter in the Events column to locate the access request activities.

  3. For session requests that have Record Session enabled in the policy, you can play back a recorded or active session:

    1. Locate an access request session event and click Play to launch the Safeguard for Privileged Passwords Desktop Player. The following activities may be available to you:

      • A (green dot) indicates the session is "live". A user with Security Policy Administrator permissions can click this icon to follow an active session.
      • If the session recording has been archived and removed from the local Safeguard for Privileged Passwords file system, you will see a Download button instead of a Play button. Click Download to download the recording and then click Play.
    2. Accept the certificate to continue.
    3. Use one of the following methods to play back the session recording:

      • Click Play Channel from the toolbar at the top of the player.
      • Click the thumbnail in the upper right corner of the Information page.
      • Click Play Channel next to a channel in the Channels pane.
  4. For SSH session requests that have the Enable Command Detection option selected in the policy, you can review a list of the commands and programs run during the session.

    For RDP session requests that have the Enable Windows Title Detection option selected in the policy, you can review a list of all the windows opened on the desktop during the privileged session.

    1. Click the Sessions Events link above the transaction grid to view a list of all the session events and recordings available for the selected session.
    2. To see the individual events that occurred during a particular Initialize Session transaction:
      • Click Show Details to display additional information about the Initialize Session event, including Session Events.
      • Click the events link to view the commands and programs run during that particular Initialize Session event

    The Session Events dialog displays listing the events with a time stamp showing when the event occurred as well as in which recording if multiple recordings were created.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating