Audit Logs and Reports - Hitachi ID Privileged Access Manager
Logging Logins to Privileged Accounts
Hitachi ID Privileged Access Manager logs and can report on every disclosure of access to every
privileged account. This means that the time interval during which a
user was connected to a privileged account or during which a password
was disclosed to a program or person is always recorded, is retained
indefinitely and is visible in reports.
Privileged Access Manager also logs all attempts by users to search for managed
systems and to connect to privileged accounts, even if login attempts
were denied. This means that even denied attempts and requests to
access privileged accounts are visible in reports.
Privileged Access Manager also logs auto-discovery and auto-configuration
process status as well as manual changes to its own configuration.
This means that the health of systems on the network can be inferred
from Privileged Access Manager reports.
Exit traps can be used to forward copies of Privileged Access Manager log entries
to another system (e.g., a SIEM, typically via syslog) for analytics
and tamper-proof archive.
Reports Create Accountability
Privileged Access Manager includes event reports, which make it possible to see,
among other things:
- What users launched login sessions to what accounts.
- How often access to any given account was granted.
- When and how often passwords were changed on target systems.
- How often users attempted to sign into Privileged Access Manager.
- What the results of those authentication attempts were.
Reports are also included to examine the set of discovered / managed
systems and accounts.
Privileged Access Manager status and process trends are visible in dashboards.
For example, how many checkouts are currently active, how many
systems are currently under management, how many requests are pending
approval, etc. are all visible in a dashboard.
Included reports can also be used to find anomalous activity.
For example, there are reports on popular checkouts by system,
account, requester and approver. This can be used to identify users
with unusually high (are they hacking?) or low (are they getting
any work done?) activity. Reports can also be based on time of day.
For example, a regularly scheduled report (every morning) can enumerate
all checkouts made between 6PM and 6AM and send that data to a security
The Privileged Access Manager schema is well documented and the database is
a standard, relational SQL back-end. This makes it possible for
Hitachi ID Systems customers to write custom reports using off-the-shelf
programs such as Crystal Reports or Cognos BI.
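As an added example that is not part of this page or of the product's own documentation, the following Python script loads constructed checkout records into an in-memory SQLite table (the table and column names are assumptions, not the product's documented schema) and runs two custom reports of the kind described above: granted checkouts between 6PM and 6AM, and granted/denied counts per requester.

```python
import sqlite3

# Constructed sample records in the shape an exported checkout log might have:
# (requester, system, account, checkout_time, denied). The table and column
# names below are assumptions for this example, not the product's schema.
SAMPLE_CHECKOUTS = [
    ("alice", "db01",  "root",          "2024-03-04 09:12:00", 0),
    ("alice", "db01",  "root",          "2024-03-04 23:40:00", 0),
    ("bob",   "web02", "Administrator", "2024-03-05 03:15:00", 0),
    ("bob",   "web02", "Administrator", "2024-03-05 18:30:00", 1),
    ("carol", "db01",  "root",          "2024-03-05 10:05:00", 0),
    ("carol", "web02", "Administrator", "2024-03-05 17:59:00", 0),
]

def build_log(records=SAMPLE_CHECKOUTS):
    """Load the sample rows into an in-memory SQLite table named checkout_log."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkout_log (requester TEXT, system TEXT,"
                 " account TEXT, checkout_time TEXT, denied INTEGER)")
    conn.executemany("INSERT INTO checkout_log VALUES (?, ?, ?, ?, ?)", records)
    return conn

def after_hours_checkouts(conn, start_hour=18, end_hour=6):
    """Granted checkouts whose start time falls between 6PM and 6AM."""
    sql = """
        SELECT requester, system, account, checkout_time
        FROM checkout_log
        WHERE denied = 0
          AND (CAST(strftime('%H', checkout_time) AS INTEGER) >= ?
               OR CAST(strftime('%H', checkout_time) AS INTEGER) < ?)
        ORDER BY checkout_time"""
    return conn.execute(sql, (start_hour, end_hour)).fetchall()

def activity_by_requester(conn):
    """Granted and denied checkout counts per requester, busiest first."""
    sql = """
        SELECT requester,
               SUM(CASE WHEN denied = 0 THEN 1 ELSE 0 END) AS granted,
               SUM(denied) AS denied
        FROM checkout_log
        GROUP BY requester
        ORDER BY granted DESC, requester"""
    return conn.execute(sql).fetchall()

if __name__ == "__main__":
    log = build_log()
    for row in after_hours_checkouts(log):
        print("after-hours checkout:", row)
    for row in activity_by_requester(log):
        print("requester activity (granted, denied):", row)
```

Against a real deployment the same two queries would be pointed at the documented schema instead of the sample table; the after-hours window and the per-requester totals are what the scheduled report described above would deliver.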
Supporting Regulatory Requirements
By recording administrative access to key systems and in some cases
by requiring multiple people to approve such access before it happens,
Privileged Access Manager can both limit and record access to sensitive systems
that contain privacy-protected or financial data. These controls
assist in complying with regulations such as HIPAA, SOX, PCI and more.
Report on requests for privileged access
- Requests for "one-time" access to privileged accounts
are archived indefinitely and visible in reports.
- Privileged Access Manager differentiates between "one-time" requests (which
must pass through workflow authorization) and "ACL-based"
access requests, which do not.
- All privileged access is logged and visible in reports.
- "One-time" access requires a special report, since it includes
different metadata -- a requester, a recipient, one or more
authorizers, a scheduled time window, etc.
- Randomize Privileged Passwords:
Privileged Access Manager periodically randomizes passwords on privileged accounts.
- Launch Privileged Login Sessions:
Privileged Access Manager launches login sessions to privileged accounts subject to access control policies and/or workflow approvals.
- Limit Concurrent Administrator Logins:
Privileged Access Manager controls how many people can sign into the same privileged account at the same time using a checkout/checkin process.
- Record Administrator Logins:
Privileged Access Manager can record the login sessions it launches for users to sign into privileged accounts. These recordings are both a forensic audit trail and a knowledge sharing resource.
- Password History:
Privileged Access Manager captures a full history of passwords for privileged accounts. This is useful when recovering servers and databases from backup media.
- Audit Logs and Reports:
Login sessions to privileged accounts are logged by Privileged Access Manager and visible in reports. This makes administrators accountable for changes they may make to systems and applications.
- Eliminate Embedded Passwords:
Privileged Access Manager allows organizations to eliminate static, plaintext passwords embedded in applications. An API allows applications to securely acquire credentials to other applications on demand.
- Change Service Account Passwords:
Privileged Access Manager periodically changes passwords for accounts used to run Windows services and notifies appropriate OS components, such as service control manager and scheduler, of the new password value.