Auditing system changes
Users with sufficient or administrator privileges can modify the system configuration in ways that could affect the system environment. System Trails feature enables you to track changes to the system configuration. All user-initiated events that modify the system's state or behavior are logged. This section will guide you to use the System Trail feature.
Understanding audit events
Every action for configuration change in the system log is defined with standard parameters and event-specific additional details. Standard parameters include
Timestamp
Action Type
Performed (Name of the type)
Additional event-specific parameters include change logs of respective event groups.
Viewing system trail
To reach the system trail, follow the steps below:
Navigate to the "System" option in the navigation bar.
Select "System Trail" from the sidebar. An informative screen will appear in front of you about the trails.
Choose the Date & Time to define the period for which you wish to view the trails.
Select the "Instance" for which you wish to view the trails.
Navigate to the right corner, where you will see a drop-down list of the types of system trails you wish to view. Based on the parameter selected from the drop-down list, you will see details covering Timestamp, Action, Performed by, Instance, and the selected parameter.
Based on the action executed, a complete list of the changes made regarding the 'Action' will be generated and viewable.
System events & groups
System trail events are available in the following groups.
Trail Record | Description |
|---|---|
Access types | The type of access could either be user-defined or system-defined. |
Account dependencies | Account dependencies deal with password setting changes for dependent accounts. |
Account group policy | Account group policy deals with enforcing comment, comment minimum length, allowing access via API, and requiring ticket numbers. |
Account groups | Account groups are created to define which accounts belong to which asset type so that similar assets and accounts are mapped to a group for a particular access. |
Account group attributes | The properties of the account group are used to configure and define an account group. |
Account group mapping | The linking of account groups to various accounts having common access or purpose of work. |
Accounts | Accounts are used to provide particular access to users. |
Account defaults | Default parameters of accounts such as asset category, asset type, account type, and account role. |
Account discovery | Accounts that were discovered across target assets and automatically onboarded to ease the load of creating several accounts every time of account discovery are used. |
Active mapping | Active mapping process is used to link user groups to account groups. |
Active mapping account group | The list of account groups available to be mapped to the user groups. |
Active mapping attributes | The properties of active mapping are used to map user and account groups. |
Active mapping user group | The list of user groups available to be mapped to the account groups. |
| Appearance | It helps to customize the system's user interface, such as logo, title, message, etc. |
Appserver TPA | It helps to fetch data of all the access types available. |
Asset configuration directory server | Deals with changes in asset configuration pertaining to the directory server. |
Asset types | Type of target assets based on asset category. |
Asset type access types | The access types which are mapped to the asset type. |
Asset type password change method | The method to change the password of the asset type. |
Assets | List of target assets mapped within the PAM system. |
Checkout policy | Policies to request a checkout of passwords to target assets and accounts. |
Command types | Type commands that can be executed. |
Criticality levels | The level of critical task that we are dealing with defines the criticality level. |
Directory stores | Types of directory such as Windows AD. |
Duo | An authentication provider requires an integration key and secret key to have access to the system. |
Email gateway | A gateway that allows communication of alerts and OTP's to users with SMTP protocols to pass through the server connection. |
Email templates | Notification templates that tell you whatever activity has taken place in the system. |
Generic radius | An authentication provider which requires a username and shared key to have access to the system. |
Google authenticator | An authentication provider which requires the URL link to access the system. |
Instances | These are created to attach an object to itself for defining its functionalities. |
IO devices | The devices which are required to perform input and output operations on the system. |
IP segments | The IP range which is required to have set boundaries for certain data access in the system. |
Landing & app servers | Used when the ports needed for taking sessions are blocked on PAM or when the processing of sessions needs to be handled by a different server. |
Locations | It helps to locate the IP segments of the particular location. |
Log forwarding | It enables Sectona Session Logs to be forward to an external service such as a SIEM. |
Network discovery AD | It helps to discover assets across the active directory. |
Network discovery AWS | It helps to discover assets across AWS. |
Network discovery Azure | It helps to discover assets across Azure. |
Network discovery Hyper V | It helps to discover assets across Hyper-V. |
Network discovery VMWare | It helps to discover assets across VMware. |
Network proxy | Provides a proxy server to the network. |
Network scan | It helps to discover assets using a network scan. |
| Notification rules | It determines the rules that need to be followed while sending a notification based on the attributes. |
| Notification templates | It helps to configure/customize notification templates used by the system for various notifications. |
Okta | An authentication provider, which requires a sub-domain and API key to have access to the system. |
One login | An authentication provider which requires a sub-domain, client ID, and client secret to have access to the system. |
OTP configuration | The configuration to generate OTP having maximum retries and OTP length. |
Password change method process | Process for a corresponding password change method. |
Password change methods | The type of password change techniques. |
Password manager | The manager keeps a record of the password change and history of that particular job involved. |
Password manager accounts | Managing the history of accounts whose passwords have been changed. |
Password policy | The properties of passwords that needs to be defined by the user based on the organization's requirement. |
Risk score matrix | The matrix which defines risk activity with the default and configured risk level. |
Rotation policy | The properties of a password defined by the user to tell how frequently the password must be changed automatically in this policy. |
RSA secure ID | An authentication provider which requires a username and shared key to access the system. |
Schedulers | Deals with automatic scheduling of parameters such as password rotation, report generation, etc. |
Sectona authentication lockout policy | The policy which defines the Sectona authentication, i.e. how the password must be locked or unlocked. |
Sectona authentication password policy | The policy which defines the Sectona authentication i.e., how the password must be generated. |
| Server access policy | It helps to restrict/allow access to certain programs/commands for specific users in the User Groups. |
| Service desk | It helps to configure parameters for service desk/ticketing system integration. |
SMS gateway | The gateway URL is required with a username and password to receive an SMS OTP for authentication. |
System backup | The backup of our PAM system, which might be enabled locally or remotely by the user. |
System default | This helps to see the default as well as configured values when the system is modified. |
| Tags | It is a tag as a parameter set to account, user and asset. |
Task library | It displays the task that is already created. |
Task library process | It defines the various tasks that the user can perform on a day-to-day basis. |
User access policy | It defines the method for a user to access the system. |
User settings | The settings are configured for a user. |
Users | Users are the end-users who access the PAM system. |
User groups | These groups are created to add a User to the User Group, which have similar functions and roles. |
User groups active directory | It helps to add a user to a an Active Directory based User Group. |
User group attributes | It helps to add a user to an Attribute-based User Group. |
User group mapping | It helps to map a user to a defined user group. |
User instances | It helps to map a user to the required Instance. |
User roles | It defines the roles which are permitted to a specific user. |
User tasks | These are privileged tasks that the user needs to execute on the target asset. |
Vasco token | An authentication provider which requires an username and shared key to have access to the system. |
Video recording | The sessions are been recorded according to the properties modified by the user. |
Workflow master request types | It helps to put forth workflow requests for access or password change. |
Workflow masters | It helps to create a connection according to the asset category and asset type involved. |
Workflow master approvers | It helps to approve workflow requests for access or password change. |
Workflow master attributes | Properties of workflow master. |
Related How-to Articles