Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.5 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords, embedded sessions module What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Activity Center

The Activity Center is the place to go to view the details of specific events or user activity. The appliance records all activities performed within One Identity Safeguard for Privileged Passwords. Any administrator has access to the audit log information; however, your administrator permission set determines what audit data you can access. For more information, see Administrator permissions.

The toolbar at the top of the main Activity Center page contains these options.

Table 20: Activity Center: Main page toolbar
Option Description
Clear Resets the current search criteria back to the default settings (all activity occurring within the last 24 hours.)
Schedule Allows you to define when the activity audit log report is to be generated and sent via email. For more information, see Scheduling an activity audit log report.
Open Allows you to access previously saved search and scheduled reports.
Save Saves the current search criteria which can be used later to generate the report. For more information, see Saving search criteria.
Run button Generates an activity audit log report based on the search criteria specified.

In addition, query tiles display the criteria you have applied to search the activity data. By default, only the Activity category and Time frame tiles display. Use the Add button to specify additional query criteria to retrieve the information you are looking for. For more information, see Applying search criteria.

Once an activity audit log report is generated, the results page contains the search results grid and these toolbar options.

Table 21: Activity Center: Results page toolbar
Option Description

Back takes you back to the query page where you can modify the search criteria.

Refresh closes the details and updates the search results page.

Applying search criteria

Use the Activity Center's query builder to add and remove data from your activity audit log report to get the information you need.

By default, an activity audit log report includes all activity occurring within the last 24 hours. However, using the query tiles provided you can specify search criteria to retrieve specific information from the activity audit log. The search criteria available includes:

  • Activity category
  • Time frame
  • User
  • Asset
  • Account
  • Search keyword or value

To apply search criteria to the audit log

Activity Category and Time frame are required to generate a report. Other search criteria is optionally and allows you to narrow the report to exact parameters provided

  1. From the Safeguard for Privileged Passwords desktop Home page, select Activity Center.
  2. To limit the report to a particular type of activity, click the Activity category tile (I would like to see) and select the activity category to be included in the report.

  3. To specify a different time frame, click the Time frame tile (occurring within the) and select the time frame to be included in the report. If using the Custom option, specify the custom time range.

  4. To see activity attributed to a specific user, click the Add button and select Add User.

    • In the Users selection dialog, select the user to be included in the report. You can specify only one user.

    An additional tile (attributed to) appears listing the user selected.

  5. To see activity involving a specific asset, click the Add button and select Add Asset.

    • In the Assets selection dialog, select the asset to be included in the report. You can specify only one asset.

    An additional tile (involving the asset) appears listing the asset selected.

    NOTE: When an account is specified, the Add Asset option is not available.
  6. To see activity involving a specific account, click the Add button and select Add Account.

    • In the Accounts selection dialog, select the account to be included in the report. You can specify only one account.

    An additional tile (involving the account) appears listing the account selected.

    NOTE: When an asset is specified, the Add Account option is not available.
  7. You can also search session activity for a specific keyword or value.

    1. Change the activity category to Session Specific Activity (or In-Session Activity).
    2. Click the Add button and select Add Search value.
    3. In the Enter a Search Value dialog, enter the keyword or value (e.g., regedit) and click OK.

    An additional tile (that includes) appears listing the keyword or value specified. If you change the activity category, the keyword tile will be dimmed indicating it will not be included in the query.

  8. To remove or edit your selections, use the icons in the upper right corner of a query tile:

    • Clear: Resets the value back to the default. Clear is only available for Activity category and Time frame.

    • Delete: Removes the query tile from the search criteria.
    • Edit: Displays the corresponding dialog allowing you to modify your selection. You can also click a query tile to edit your selection.

Saving search criteria

You can save the current search criteria defined to be used at a later time to generate an activity audit log report. You can save the current search criteria from the main Activity Center view (query builder page) or from the results view.

To save the current search criteria

  1. From the Safeguard for Privileged Passwords desktop Home page, select Activity Center.
  2. Specify the search criteria to be used to generate the desired report. For more information, see Applying search criteria.
  3. Click Save.
  4. In the Save Search dialog, enter the following information:

    1. Name: Enter a name for the search.
    2. Description: Optionally, enter descriptive text to describe the search.
  5. Click OK.
  6. To run a previously saved search, click Open.

    1. Select a search from the list.

      The criteria for the selected search is displayed in the right pane.

    2. Click Open.

    The query tiles for the selected search appear in the Activity Center page, where you can then select Run to generate the report.

Related Topics

Editing or deleting a saved search or scheduled report

Generating an activity audit log report

To generate an activity audit log report

  1. From the Safeguard for Privileged Passwords desktop Home page, select Activity Center.
  2. Use the query tiles to specify the content of the report.:

    By default the audit log returns all activity occurring within the last 24 hours. Use the query tiles on the Activity Center page to include specific information from the activity audit log in your results. For more information, see Applying search criteria.

  3. Click Run.

    You can also save search criteria for use at a later time. For more information, see Saving search criteria.

    The information displayed by default depends on the type of activity report generated. For example, the "All Activity" report displays the following information for each event:

    • State: The left-most column displays one of the following regarding the availability of a recorded session:
      • Blank: Indicates that there is no recorded session available.
      • (green dot): Indicates that a live session is taking place. A Security Policy Administrator can click this button to launch the desktop player to follow what is happening in the current session.
      • Play: Indicates that there is a recorded session available locally on the appliance. Clicking this button launches the desktop player to play back the selected recording.
      • Download: Indicates that there is a recorded session available on the archive server. Clicking this button downloads the recording for play back.

      NOTE: These icons only appear on an "All Activity" or "Session Specific Activity" report.
    • User: The name of the user who triggered the event.
    • Date: The date and time the event occurred.
    • Activity Category: The category that defines the type of activity that occurred.
    • Event: The event that occurred.

  4. Double-click an event to view additional details. Double-click to close the details.

Once a report is generated, you can use the buttons above the grid as described below.

Table 22: Activity Center: Results grid toolbar
Option Description

Time frames

To rerun the report using a different time frame, select one of the following links:

  • Last 24 Hours (default)
  • Last 7 Days
  • Last 30 Days
  • Last 60 Days
  • Last 90 Days
  • Custom

    Specify the time range for the Custom time frame.

After selecting a different time frame, click Run.

Workflow

Select an access request event and click Workflow to audit the transactions that occurred during the request's workflow from request to approval to review.

TIP: For session requests, you can also replay a recorded session or live session from the Request Workflow dialog. For more information, see Replaying a session.

Run

Select to regenerate the report using the specified time frame.

Export

Select to create a .json file of the search results and save it in a location of your choice.

Schedule Select to schedule the generation of the activity audit log report.
Save

Select to save the current search criteria.

Column

Select to display a list of columns that can be displayed in the grid. Select the check box for data to be included in the report. Clear the check box for data to be excluded from the report.

NOTE: The additional columns available depend on the type of activity included in the report.
Related Documents