
Audit Logs and Reports - Hitachi ID Privileged Access Manager

Logging Logins to Privileged Accounts

Hitachi ID Privileged Access Manager logs and can report on every disclosure of access to every privileged account. This means that the time interval during which a user was connected to a privileged account, or during which a password was disclosed to a program or person, is always recorded, is retained indefinitely and is visible in reports.

Privileged Access Manager also logs all attempts by users to search for managed systems and to connect to privileged accounts, even if login attempts were denied. This means that even rejected attempts and requests to access privileged accounts are visible in reports.

Privileged Access Manager also logs auto-discovery and auto-configuration process status as well as manual changes to its own configuration. This means that the health of systems on the network can be inferred from Privileged Access Manager reports.

Exit traps can be used to forward copies of Privileged Access Manager log entries to another system (e.g., a SIEM, typically via syslog) for analytics and tamper-proof archiving.

Reports Create Accountability

Privileged Access Manager includes event reports, which make it possible to see, among other things:

  • Which users launched login sessions to which accounts.
  • How often access to any given account was granted.
  • When and how often passwords were changed on target systems.
  • How often users attempted to sign into Privileged Access Manager.
  • What the results of those authentication attempts were.

Reports are also included to examine the set of discovered / managed systems and accounts.

Privileged Access Manager status and process trends are visible in dashboards. For example, a dashboard shows how many checkouts are currently active, how many systems are currently under management and how many requests are pending approval.

Included reports can also be used to find anomalous activity. For example, there are reports on popular checkouts by system, account, requester and approver. This can be used to identify users with unusually high (are they hacking?) or low (are they getting any work done?) activity. Reports can also be based on time of day. For example, a regularly scheduled report (every morning) can enumerate all checkouts made between 6PM and 6AM and send that data to a security officer.

The Privileged Access Manager schema is well documented and the database is a standard, relational SQL back-end. This makes it possible for Hitachi ID Systems customers to write custom reports using off-the-shelf programs such as Crystal Reports or Cognos BI.
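As an added illustration of the time-of-day and popular-checkout reports described above, the following Python/sqlite3 snippet runs the two queries against a checkout table. The table layout, column names and sample rows are constructed for this example and are not the product's documented schema; the 6PM to 6AM window wraps midnight, and denied attempts are kept in the after-hours listing because rejected requests are logged too.

```python
import sqlite3

# Hypothetical table for the example; not the real Privileged Access Manager schema.
SCHEMA = """
CREATE TABLE checkout (
    id            INTEGER PRIMARY KEY,
    requester     TEXT NOT NULL,
    approver      TEXT,
    system        TEXT NOT NULL,
    account       TEXT NOT NULL,
    checkout_time TEXT NOT NULL,   -- ISO-8601 local time
    checkin_time  TEXT,
    denied        INTEGER NOT NULL DEFAULT 0
);
"""

# Constructed sample rows (not real data).
ROWS = [
    ("alice", "bob",  "db01",  "root",          "2024-03-04T09:15:00", "2024-03-04T10:00:00", 0),
    ("alice", "bob",  "db01",  "root",          "2024-03-04T14:30:00", "2024-03-04T15:10:00", 0),
    ("carol", "bob",  "web02", "Administrator", "2024-03-04T19:45:00", "2024-03-04T21:00:00", 0),
    ("dave",  None,   "db01",  "root",          "2024-03-05T02:10:00", None,                  1),
    ("carol", "erin", "fw01",  "admin",         "2024-03-05T05:59:00", "2024-03-05T06:30:00", 0),
    ("alice", "bob",  "web02", "Administrator", "2024-03-05T18:00:00", "2024-03-05T18:20:00", 0),
]


def load_db():
    """Create an in-memory database holding the constructed checkout log."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO checkout(requester, approver, system, account, "
        "checkout_time, checkin_time, denied) VALUES (?,?,?,?,?,?,?)", ROWS)
    return conn


def after_hours_checkouts(conn, start="18:00", end="06:00"):
    """Checkouts (granted or denied) whose start time falls in [start, end).
    The window wraps midnight, so the two bounds are OR-ed rather than AND-ed."""
    return conn.execute(
        "SELECT requester, system, account, checkout_time, denied FROM checkout "
        "WHERE strftime('%H:%M', checkout_time) >= ? "
        "   OR strftime('%H:%M', checkout_time) <  ? "
        "ORDER BY checkout_time", (start, end)).fetchall()


def checkouts_by_requester(conn):
    """Granted checkouts per requester, the basis for spotting unusually high or low activity."""
    return dict(conn.execute(
        "SELECT requester, COUNT(*) FROM checkout WHERE denied = 0 "
        "GROUP BY requester").fetchall())
```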

Supporting Regulatory Requirements

By recording administrative access to key systems and in some cases by requiring multiple people to approve such access before it happens, Privileged Access Manager can both limit and record access to sensitive systems that contain privacy-protected or financial data. These controls assist in complying with regulations such as HIPAA, SOX, PCI and more.

Watch a Movie

Report on requests for privileged access


Content:

  • Requests for "one-time" access to privileged accounts are archived indefinitely and visible in reports.

Key concepts:

  • Privileged Access Manager differentiates between "one-time" requests (which must pass through workflow authorization) and "ACL-based" access requests, which do not.
  • All privileged access is logged and visible in reports.
  • "One-time" access requires a special report, since it includes different metadata -- a requester, a recipient, one or more authorizers, a scheduled time window, etc.
