Recording Access Requests and Login Sessions

Hitachi ID Privileged Access Manager logs and can report on every disclosure of access to every privileged account. This means that the time interval during which a user was connected to a privileged account, or during which a password was disclosed to a program or person, is always recorded, is retained indefinitely and is visible in reports. Additional details include source and destination DNS names, IP addresses, etc.

Privileged Access Manager also logs all attempts by users to search for managed systems and to connect to privileged accounts, even if login attempts were denied. This means that even denied attempts and requests to access privileged accounts are visible in reports.

Privileged Access Manager also logs auto-discovery and auto-configuration process status as well as manual changes to its own configuration. This means that the health of systems on the network can be inferred from Privileged Access Manager reports.

Exit traps can be used to forward copies of Privileged Access Manager log entries to another system (e.g., a SIEM, typically via syslog) for analytics and tamper-proof archiving.

Reports Create Accountability

All data in Privileged Access Manager is stored in a normalized, relational database schema and can be accessed using standard analytical tools (Crystal Reports, Cognos, MS-Excel, SQL queries, etc.).

The schema is well documented and is available to all product licensees and evaluators under NDA. The current release schema documentation is about 127 pages long and includes detailed descriptions of every field, table, relation, value constraint, etc.

Hitachi ID Systems customers can add custom reports to the Privileged Access Manager web UI, so that they can be run interactively, scheduled, have output delivered via e-mail, etc. These reports are written as short Python scripts that mostly contain a SQL SELECT statement against the Privileged Access Manager back-end database, but they can also pull data from other sources (e.g., web services, other SQL databases, LDAP directories, etc.).

Data available through Privileged Access Manager includes:

  • A list of IDs per target system.
  • A list of managed systems per managed system policy.
  • A list of users per user group.
  • Full detail of transaction history.
  • Additional user attributes (e.g., roles, employee ID).
  • Select user attributes drawn from target systems.

Privileged Access Manager includes many standard reports, executed or scheduled through the web user interface and delivered interactively or by e-mail:

  • Users: who can sign into Privileged Access Manager, who can authorize requests for privileged access, who have temporarily been delegated approval rights, who can manage Privileged Access Manager itself, etc.
  • Policies: user classes, access rights assigned to users and user groups, segregation of duties policies.
  • Workflow: open requests, request history, non-responsive authorizers.
  • Managed systems: target systems and policies.
  • Access disclosure: password checkout history, currently checked out passwords, expired passwords (due to be randomized).
  • System operation: event log, authentication history, history of updates made to target systems.
  • System audit: configuration and policy changes made to Privileged Access Manager.

Each report includes a set of search parameters that enables users (who must have the right to run reports) to fine-tune the data they retrieve.
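As an added illustration of the custom-report model described above (a short Python script built around a SQL SELECT with user-supplied search parameters), the script below runs two reports of the kind listed under "Access disclosure" and "System operation": passwords currently checked out, and denied login attempts since a given time. This is example code written for this page, not Hitachi ID code; the table and column names (checkout, login_attempt, userid, checkin_time, outcome, etc.) and the sample rows are invented for illustration and do not reflect the product's real schema, which is documented separately under NDA. The security point it demonstrates is that report search parameters are bound as query parameters rather than concatenated into the SQL text, so a parameter value like `' OR '1'='1` cannot widen what a report user is allowed to see.

```python
"""Custom-report example (hypothetical schema, constructed data).

The tables and rows below are invented for this example; they are not
the Privileged Access Manager schema or real product output.
"""
import sqlite3

# Hypothetical schema standing in for the access-disclosure and
# authentication-history tables a report would query.
SCHEMA = """
CREATE TABLE checkout (
    id            INTEGER PRIMARY KEY,
    userid        TEXT NOT NULL,
    target        TEXT NOT NULL,
    account       TEXT NOT NULL,
    checkout_time TEXT NOT NULL,      -- ISO 8601, UTC
    checkin_time  TEXT,               -- NULL while still checked out
    src_ip        TEXT
);
CREATE TABLE login_attempt (
    id           INTEGER PRIMARY KEY,
    userid       TEXT NOT NULL,
    target       TEXT NOT NULL,
    account      TEXT NOT NULL,
    attempt_time TEXT NOT NULL,       -- ISO 8601, UTC
    outcome      TEXT NOT NULL        -- 'granted' or 'denied'
);
"""

# Constructed sample rows, not captured from a real system.
CHECKOUTS = [
    ("alice", "db01.corp.example", "root", "2024-03-01T09:00:00Z", "2024-03-01T10:30:00Z", "10.0.0.5"),
    ("bob", "web02.corp.example", "Administrator", "2024-03-01T11:15:00Z", None, "10.0.0.7"),
    ("alice", "fw01.corp.example", "admin", "2024-03-01T12:00:00Z", None, "10.0.0.5"),
]
LOGIN_ATTEMPTS = [
    ("carol", "db01.corp.example", "root", "2024-03-01T08:45:00Z", "denied"),
    ("alice", "db01.corp.example", "root", "2024-03-01T09:00:00Z", "granted"),
    ("carol", "fw01.corp.example", "admin", "2024-03-01T13:20:00Z", "denied"),
]


def build_sample_db():
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO checkout(userid, target, account, checkout_time, checkin_time, src_ip) "
        "VALUES (?, ?, ?, ?, ?, ?)", CHECKOUTS)
    conn.executemany(
        "INSERT INTO login_attempt(userid, target, account, attempt_time, outcome) "
        "VALUES (?, ?, ?, ?, ?)", LOGIN_ATTEMPTS)
    conn.commit()
    return conn


def current_checkouts(conn, userid=None):
    """Report: passwords checked out and not yet checked in.

    `userid` is an optional search parameter. It is passed as a bound
    parameter, never interpolated into the SQL string, so a hostile value
    is compared literally instead of altering the query.
    """
    sql = ("SELECT userid, target, account, checkout_time, src_ip "
           "FROM checkout WHERE checkin_time IS NULL")
    params = []
    if userid is not None:
        sql += " AND userid = ?"
        params.append(userid)
    sql += " ORDER BY checkout_time"
    return conn.execute(sql, params).fetchall()


def denied_attempts(conn, since):
    """Report: denied login attempts at or after `since` (ISO 8601 string).

    ISO 8601 timestamps in a single zone sort lexically, so a string
    comparison is sufficient here; `since` is again a bound parameter.
    """
    sql = ("SELECT userid, target, account, attempt_time FROM login_attempt "
           "WHERE outcome = 'denied' AND attempt_time >= ? ORDER BY attempt_time")
    return conn.execute(sql, (since,)).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    for row in current_checkouts(db):
        print("checked out:", row)
    for row in denied_attempts(db, "2024-03-01T00:00:00Z"):
        print("denied:", row)
    # A search parameter that would widen a concatenated query returns
    # nothing here, because it is compared as a literal user ID.
    print("injection attempt rows:", current_checkouts(db, "' OR '1'='1"))
```

The same pattern applies when a custom report reaches out to another SQL database or an LDAP directory: treat every search parameter the report user types as data, bind it, and keep the report's own query rights limited to the tables it needs to read.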

Figure: Screen shot of the Privileged Access Manager dashboard.