Audit Logs and Reports - Hitachi ID Privileged Access Manager

Logging Logins to Privileged Accounts

Hitachi ID Privileged Access Manager logs and can report on every disclosure of access to every privileged account. This means that the time interval during which a user was connected to a privileged account, or during which a password was disclosed to a program or person, is always recorded, is retained indefinitely and is visible in reports.

Privileged Access Manager also logs all attempts by users to search for managed systems and to connect to privileged accounts, even if login attempts were denied. This means that even denied attempts and requests to access privileged accounts are visible in reports.

Privileged Access Manager also logs auto-discovery and auto-configuration process status as well as manual changes to its own configuration. This means that the health of systems on the network can be inferred from Privileged Access Manager reports.

Exit traps can be used to forward copies of Privileged Access Manager log entries to another system (e.g., a SIEM, typically via syslog) for analytics and tamper-proof archival.

Reports Create Accountability

Privileged Access Manager includes event reports, which make it possible to see, among other things:

  • What users launched login sessions to what accounts.
  • How often access to any given account was granted.
  • When and how often passwords were changed on target systems.
  • How often users attempted to sign into Privileged Access Manager.
  • What the results of those authentication attempts were.

Reports are also included to examine the set of discovered / managed systems and accounts.

Privileged Access Manager status and process trends are visible in dashboards. For example, how many checkouts are currently active, how many systems are currently under management, how many requests are pending approval, etc. are all visible in a dashboard.

Included reports can also be used to find anomalous activity. For example, there are reports on popular checkouts by system, account, requester and approver. This can be used to identify users with unusually high (are they hacking?) or low (are they getting any work done?) activity. Reports can also be based on time of day. For example, a regularly scheduled report (every morning) can enumerate all checkouts made between 6PM and 6AM and send that data to a security officer.
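As an added example, not the product's own reporting code, the following Python computes the two reports described above (off-hours checkouts between 6PM and 6AM, and popular checkouts by system, account, requester or approver with unusually high or low counts) over constructed checkout records; the record format and function names are assumptions, since the page does not give the schema.

```python
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample checkout records (not Privileged Access Manager's real schema):
# one disclosure event per line as timestamp,requester,system,account,approver.
CHECKOUTS = """\
2024-03-04T08:15:00,alice,db01,oracle,carol
2024-03-04T09:40:00,bob,web02,root,carol
2024-03-04T22:10:00,alice,db01,sys,dave
2024-03-04T23:55:00,erin,dc01,Administrator,dave
2024-03-05T00:30:00,erin,dc02,Administrator,dave
2024-03-05T01:20:00,erin,db01,sys,dave
2024-03-05T02:45:00,erin,web02,root,carol
2024-03-05T03:05:00,erin,dc01,Administrator,carol
2024-03-05T05:59:00,erin,web02,root,carol
2024-03-05T06:00:00,alice,db01,oracle,dave
"""

def parse_checkouts(text):
    rows = []
    for line in text.splitlines():
        ts, requester, system, account, approver = line.split(",")
        rows.append({"time": datetime.fromisoformat(ts), "requester": requester,
                     "system": system, "account": account, "approver": approver})
    return rows

def off_hours(rows, start_hour=18, end_hour=6):
    """Checkouts inside a time-of-day window; a start after the end wraps midnight."""
    def in_window(t):
        if start_hour > end_hour:
            return t.hour >= start_hour or t.hour < end_hour
        return start_hour <= t.hour < end_hour
    return [r for r in rows if in_window(r["time"])]

def checkouts_by(rows, key):
    """Checkout counts per system, account, requester or approver, most popular first."""
    return Counter(r[key] for r in rows).most_common()

def activity_outliers(rows, key="requester", factor=1.5):
    """Values counted more than factor*median times (high) or fewer than median/factor (low)."""
    counts = dict(checkouts_by(rows, key))
    mid = median(counts.values())
    high = sorted(k for k, n in counts.items() if n > mid * factor)
    low = sorted(k for k, n in counts.items() if n < mid / factor)
    return high, low

if __name__ == "__main__":
    rows = parse_checkouts(CHECKOUTS)
    print(len(off_hours(rows)), "off-hours checkouts;", activity_outliers(rows))
```

Scheduled each morning over the previous day's records, the off-hours list is what the text describes sending to a security officer; the outlier thresholds are a starting point and should be tuned to the team's normal workload.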

The Privileged Access Manager schema is well documented and the database is a standard, relational SQL back-end. This makes it possible for Hitachi ID Systems customers to write custom reports using off-the-shelf programs such as Crystal Reports or Cognos BI.

Supporting Regulatory Requirements

By recording administrative access to key systems and in some cases by requiring multiple people to approve such access before it happens, Privileged Access Manager can both limit and record access to sensitive systems that contain privacy-protected or financial data. These controls assist in complying with regulations such as HIPAA, SOX, PCI and more.


Watch a Movie

Report on requests for privileged access

Content:

  • Requests for "one-time" access to privileged accounts are archived indefinitely and visible in reports.

Key concepts:

  • Privileged Access Manager differentiates between "one-time" requests (which must pass through workflow authorization) and "ACL-based" access requests, which do not.
  • All privileged access is logged and visible in reports.
  • "One-time" access requires a special report, since it includes different metadata -- a requester, a recipient, one or more authorizers, a scheduled time window, etc.

Read More:

  • Randomize Privileged Passwords:
    Privileged Access Manager periodically randomizes passwords on privileged accounts.
  • Launch Privileged Login Sessions:
    Privileged Access Manager launches login sessions to privileged accounts subject to access control policies and/or workflow approvals.
  • Limit Concurrent Administrator Logins:
    Privileged Access Manager controls how many people can sign into the same privileged account at the same time using a checkout/checkin process.
  • Record Administrator Logins:
    Privileged Access Manager can record the login sessions it launches for users to sign into privileged accounts. These recordings are both a forensic audit trail and a knowledge sharing resource.
  • Password History:
    Privileged Access Manager captures a full history of passwords for privileged accounts. This is useful when recovering servers and databases from backup media.
  • Audit Logs and Reports:
    Login sessions to privileged accounts are logged by Privileged Access Manager and visible in reports. This makes administrators accountable for changes they may make to systems and applications.
  • Eliminate Embedded Passwords:
    Privileged Access Manager allows organizations to eliminate static, plaintext passwords embedded in applications. An API allows applications to securely acquire credentials to other applications on demand.
  • Change Service Account Passwords:
    Privileged Access Manager periodically changes passwords for accounts used to run Windows services and notifies appropriate OS components, such as service control manager and scheduler, of the new password value.