You can configure the notification engine to send pre-defined template-based email to specific users when an event that is related to the template occurs. For example, the PAM server can notify and send a message when a user is added to the system. Sectona provides pre-defined notification rule out of which some can be user configured and some are system configured. Sectona has 18 notification group and each group has different content tags which provided essential information of particular event. Following are the list of Pre-defined templates and Content tags of each notification group

This section covers:

Pre-defined Notification Templates

You can send the standard notifications by Sectona Privileged Access Management, including the auto-generated notifications that are generated by the system or user. The system has pre-defined and out of box notification templates for multiple system changes. Refer to the following table for pre-defined notifications template available in Sectona:

Sr. No

Configuration

Predefined Notification Rule

Description

1

User Configured

Account Created

Sends notification when an account is created

2

User Configured

Account Group Created

Sends notification when an account group is created

3

User Configured

Account Group Deleted

Sends notification when an account group is deleted

4

User Configured

Account Group Modified

Sends notification when some updates are made in an account group

5

User Configured

Account Password Out Of Sync

Sends notification when the account password is out of sync on PAM and the target asset

6

User Configured

Account Password Change Failed

Sends notification when account password change procedure has failed

7

User Configured

Account Password Change Success

Sends notification when the account password has been changed successfully

8

System Configured

Account Password CheckedOut

Sends notification when the account password has been checked out

9

System Configured

Analytical Report Exported

Sends notification when an analytical report is exported

10

User Configured

Asset Created

Sends notification when an asset is created

11

User Configured

Asset Not Reachable

Sends notification when an asset is not reachable

12

User Configured

Collaboration Invitation Created

Sends notification when user sends session collaboration invite to another user

13

User Configured

Command Executed

Sends notification when the command configured under 'Server Access Policy' is completed

14

User Configured

Command Execution Confirmed

Sends notification when the user confirms the command that needs to be executed under 'Server Access Policy'

15

User Configured

Command Execution Denied

Sends notification when the command we have configured to be denied is denied

16

User Configured

Command Execution Elevated

Sends notification when the command which is part of 'Server Access Policy' is elevated to a privileged user for execution

17

User Configured

Exclusive Access Assigned

Sends notification when exclusive access is assigned to the user

18

User Configured

File Deleted

Sends notification when a file is deleted  

19

User Configured

File Transfer Completed

Sends notification when a file is transferred from one machine to another using FTP, SCP or SFTP 

20

User Configured

High Availability Master Server Changed

Sends notification when master for the HA has been changed

21

User Configured

High Availability Node Added

Sends notification when HA is added

22

User Configured

High Availability Node Changed

Sends notification when an update is made in HA

23

User Configured

High Availability Process Started

Sends notification when HA has been started

24

User Configured

High Availability Process Stopped

Sends notification when HA has been stopped

25

User Configured

High Availability Server Not Reachable

Sends notification when HA is not reachable

26

User Configured

High Availability ServerOut Of Sync

Sends notification when HA is not synced with the system

27

User Configured

Instance Created

Sends notification when an instance is created

28

User Configured

Instance Modified

Sends notification when an update is made in the instance

29

User Configured

Login Failed

Sends notification when login has been failed

30

User Configured

Login Successful

Sends notification when user logs in successfully

31

System Configured

Maker Checker Request Approved

Sends notification when maker checker request is approved

32

System Configured

Maker Checker Request Created

Sends notification when maker checker request is created

33

System Configured

Maker Checker Request Processed

Sends notification when maker checker request has been processed

34

System Configured

Maker Checker Request Rejected

Sends notification when maker checker request has been rejected

35

System Configured

Multifactor Authentication Failed

Sends notification when MFA is failed while login

36

User Configured

Password Checkout Policy Created

Sends notification when password checkout policy is created

37

User Configured

Password Checkout Policy Modified

Sends notification when an update is made in password checkout policy

38

System Configured

Password Manager Process Completed

Sends notification when password change job is completed

39

System Configured

Password Manager Process Started

Sends notification when password change job is initiated

40

User Configured

Rotation Policy Created

Sends notification when rotation policy is created

41

User Configured

Rotation Policy Modified

Sends notification when an update is made in a rotation policy

42

User Configured

Satellite Vault Configuration Changed

Sends notification when satellite vault configuration is changed

43

User Configured

Satellite Vault Configured

Sends notification when satellite vault is configured

44

System Configured

Satellite Vault Security Key Received

Sends notification when satellite change job is initiated

45

System Configured

Scheduled Report Generated

Sends notification when a scheduled report is generated

46

System Configured

Sectona One Time Password

Sends OTP to user when user logs in to Sectona via through Multifactor Authentication

47

User Configured

Server Access Policy (Unix) Created

Sends notification when server access policy is created for Unix machine

48

User Configured

Server Access Policy (Unix) Deleted

Sends notification when server access policy for Unix machine is deleted

49

User Configured

Server Access Policy (Unix) Modified

Sends notification when an update is made in server access policy of Unix machine

50

User Configured

Server Access Policy (Windows) Created

Sends notification when server access policy is created for Windows machine

51

User Configured

Server Access Policy (Windows) Deleted

Sends notification when server access policy for Windows machine is deleted

52

User Configured

Server Access Policy (Windows) Modified

Sends notification when an update is made in server access policy of Windows machine

53

User Configured

Session Completed

Sends notification when the session is completed

54

User Configured

Session Initiated

Sends notification when the session is initiated

55

User Configured

Session Process Execution Completed

Sends notification when the process is executed in the session

56

User Configured

Session Process Execution Confirmed

Sends notification when the process execution is confirmed in the session

57

User Configured

Session Process Execution Denied

Sends notification when the process execution is disallowed in the session

58

User Configured

Session Proxy Started

Sends notification when the session proxy is started

59

User Configured

Session Proxy Stopped

Sends notification when the session proxy is stopped

60

System Configured

Session review request

Sends notification when session review request has been created

61

User Configured

System Backup Configuration Changed

Sends notification when an update is made in system backup configuration

62

User Configured

System Backup Configured

Sends notification when system backup is configured

63

User Configured

System Backup Created

Sends notification when the system backup is created

64

User Configured

System Health Information

Sends notification when predefined limit is exceeded for system health

65

User Configured

System License Added

Sends notification when a system license is added in the system

66

User Configured

System License Expiry Alert

Sends a notification when the system license is about to expire

67

User Configured

System Log Created

Sends notification when the system log is created

68

User Configured

User Access Policy Created

Sends notification when an user access policy is created

69

User Configured

User Access Policy Modified

Sends notification when an update is made in the user access policy

70

User Configured

User Created

Sends notification when a user is created

71User ConfiguredUser Password ResetSends notification when an administer resets user password
72

User Configured

Vault API Registration Created

Sends notification when the vault API registration is created in the system

73

User Configured

Vault API Registration Deleted

Sends notification when the vault API registration is deleted from the system

74

User Configured

Vault API Registration Modified

Sends notification when the vault API registration gets updated in the system

75

System Configured

Workflow Approval Request

Sends notification when workflow approval request is created

76

System Configured

Workflow Approved

Sends notification when workflow request is approved

77

System Configured

Workflow Approved (Password)

Sends notification when workflow request for password is created

78

System Configured

Workflow Rejected

Sends notification when workflow request is rejected

79

System Configured

Workflow Request Processed

Sends notification when workflow request is processed

Content Tags of various Notification Groups

Sectona allows users to customize the content of an email with the help of content tags. Content tags are those tags that help in retrieving the appropriate data. To customize the content of an email message locate the Notification template that corresponds to the notification that you want to customize by navigating to the Configuration → Notification Template. Make your customizations to the template as needed. You can see the content tags of a particular template by clicking on the Content Tag(s) button. A list of content-tags will be shown. Copy the tag you wish to add in your email with the help of the description mentioned and save your changes and then close the file.

Below are the lists of all the Notification group’s content tags with its description:

Actions performed under Exclusive Access, Server Access Policy fall under Access Control group. Actions can be Exclusive Access Assigned, Server Access Policy (Unix) Created, Server Access Policy (Unix) Deleted, Server Access Policy (Unix) Modified, Server Access Policy (Windows) Created, Server Access Policy (Windows) Deleted and Server Access Policy (Windows) Modified. Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Access Control

Content Tags

Description

%AssetPolicyPolicyName%

Server access policy name

%AssetPolicyDescription%

Server access policy description

%AssetPolicyAllowValidTill%

Option to set expiry date of server access policy

%AssetPolicyValidTill%

Expiry set for server access policy

%AssetPolicyUnixCommandToBlock%

Unix command to be blocked

%AssetPolicyUnixCommandToConfirm%

Unix command to be confirmed

%AssetPolicyUnixCommandToElevate%

Unix command to be elevated

%AssetPolicyUserGroups%

Server access policy enforced user group

%AssetPolicyWindowsAppToBlock%

Windows application to be blocked

%AssetPolicyWindowsAppToConfirm%

Windows application to be confirmed

%AssetPolicyWindowsAppToElevate%

Windows application to be elevated

%AssetPolicyType%

Type of policy

%AssetPolicyExceptionUsers%

Exception Users

%ExclusiveAccessUserGroupName%

User group selected for exclusive access

%ExclusiveAccessAccountGroupName%

Account group selected for exclusive access

%ExclusiveAccessUserLogonName%

User selected for exclusive access

%ExclusiveAccessAccountName%

Account selected for exclusive access

%ExclusiveAccessAssetType%

Asset Type of asset selected for exclusive access

%ExclusiveAccessAssetHostname%

Host name of asset selected for exclusive access

%ExclusiveAccessDBInstance%

DB Instance of asset selected for exclusive access

%ExclusiveAccessAccountDomain%

Domain Name of Account selected for exclusive access

%ExclusiveAccessAssetIPAddress%

IP Address of asset selected for exclusive access

%ExclusiveAccessAssignedOn%

Exclusive access assigned on

%Instance%

Instance name in which the configuration is saved or updated

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions performed under Account and Account Group fall under Accounts group. Actions can be Account Created, Account Group Created, Account Group Deleted and Account Group Modified. Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Accounts

Content Tags

Description

%AccountGroupName%

Account Group policy name

%AccountGroupDescription%

Account group policy description

%AccountGroupRuleType%

Account group policy rule method

%AccountGroupAllowValidtill%

Option to set expiry date of account group policy

%AccountGroupValidTill%

Expiry set for account group policy

%AccountGroupIsActive%

Account group policy status

%AccountgroupPolicyAllowEnforceComment%

Option to enforce comment

%AccountGroupCommentMinLenght%

Minimum length of comment

%AccountGroupAllowAPIAccess%

Option to allow API access

%AccountGroupRequireTicketNo%

Option to enforce ticket number

%AccountName%

Privileged account name

%AccountDomain%

Domain name associated with the privileged account

%AccountOwner%

Owner of the privileged account as per the system

%AccountType%

Type of the privileged account

%AccountCategory%

Category of privileged account

%AccountAssetHostName%

Hostname of asset to which account is linked

%AccountAssetIPAddress%

IP address of asset to which account is linked

%AccountAssetType%

Type of asset to which asset/account is linked

%AccountAssetCategory%

Category of asset to which account is linked

%AccountAssetDatabase%

Database name of asset to which account is linked

%AccountPasswordChangedBy%

Name of entity who changed account password

%AccountPasswordChangedOn%

Last account password change date

%AccountPasswordFailedOn%

Last account password change failure date

%AccountPasswordFailedDetail%

Last account password change failure details

%AccountPasswordReqestedBy%

Name of entity who requested account password

%AccountPasswordReqestedOn%

Last password checkout requested date

%AccountPasswordStatus%

Current password change status

%Instance%

Instance name in which the configuration is saved or updated

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions performed asset management fall under Assets group. Actions can be Asset Created and Asset Not Reachable.  Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Assets

Content Tags

Description

%AssetCategory%

Category of asset

%AssetType%

Type of asset

%AssetHostIP%

IP address of asset

%AssetHostName%

Hostname of asset

%AssetLocation%

Location of asset

%AssetPort%

Port of asset

%AssetDBInstance%

Database instance of asset

%AssetOwner%

Owner of asset

%AssetHostNameWithDBInstanceWithIP%

HostName with DBInstance with IP

%Instance%

Instance name in which the configuration is saved or updated

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions performed user session’s fall under Audit group. Actions related to Session Review Requested fall under audit group.  Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Audit

Content Tags

Description

%UsersSessionSessionID%

User session session ID

%UsersSessionAccountName%

Account name in user session

%UsersSessionHostname%

Hostname of user session

%UsersSessionIPAddress%

IP address of user session

%UsersSessionAssetType%

Asset type in user session

%UsersSessionUsername%

Username of user session

%UsersSessionAssetCategory%

Asset category in user session

%UsersSessionDuration%

User session duration

%UsersSessionRiskScore%

Session Risk Score

%UsersSessionStartTime%

Session Start Time

%UsersSessionEndTime%

Session End Time

%UsersSessionReviewState%

Session Review State

%UsersSessionReviewOn%

Session Reviewed On

%UsersSessionReviewBy%

Session Reviewed By

%UsersSessionReviewComment%

Session Review Comment

%UsersSessionReReviewState%

Session Re-Review State

%UsersSessionReReviewOn%

Session Re-Reviewed On

%UsersSessionReReviewBy%

Session Re-Reviewed By

%UsersSessionReReviewComment%

Session Re-Review Comment

%UsersSessionAccessType%

Access type in user session

%UsersSessionTicketNo%

Ticket number used for user session

%UsersSessionComment%

Session comment

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions performed Privileged Access Governance fall under Governance group. Actions can be PAGReview Completed, PAGReview Processed and PAGReview Requested.  Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Governance

Content Tags

Description

%PAG_ReviewName%

Review Name

%PAG_ReviewTypes%

Type Of Review

%PAG_Scheduler%

Review Schedule

%PAG_RecurEvery%

Scheduler Recur value

%PAG_ValidTill%

Schedule Valid Till

%PAG_CurrentApprovalLevel%

Current Approver Level

%PAG_ApprovalLevel%

Next Approver Level

%PAG_ReviewCreatedOn%

Review Created On

%PAG_ReviewCreatedBy%

Review Created By

%PAG_ReviewStatus%

Review Status

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions performed High Availability fall under this group. Actions can be High Availability Added, High Availability Changed, High Availability Master Changed, High Availability Not Reachable, High Availability Out Of Sync, High Availability Started and High Availability Stopped.  Following are the tags of the group which helps in providing appropriate data to the recipient via email.

High Availability

Content Tags

Description

%HA_SystemNodeType%

Type of node

%HA_Hostname%

Hostname of the server

%HA_IPAddress%

IP Address of server

%HA_IPAddressWithPort%

IP Address of primary server with port

%HA_IPAddressWithPort_Fallback%

IP Address of Fallback server with port

%HA_IPAddressWithPort_DR%

IP Address of DR server with port

%HA_Port%

Port user for HA

%HA_URL%

URL of HA server

%HA_SystemRoleCurrent%

Current Server type (Primary, Fallback or DR)

%HA_SystemRoleDefined%

Defined Server type (Primary, Fallback or DR)

%HA_PriorityCurrent%

Current Priority to do HA

%HA_PriorityDefined%

Defined Priority to do HA

%HA_Active%

Configuration is active

%HA_CreatedBy%

HA Configuration created by

%HA_CreatedOn%

HA Configuration created on

%HA_ModifiedBy%

HA Configuration modified by

%HA_ModifiedOn%

HA Configuration modified on

%HA_EventDescription%

Event Description

%HA_CPUUsage%

CPU Usage Of Server

%HA_MemoryUsage%

Memory Usage Of Server

%HA_DiskUsage%

Disk Usage Of Server

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions performed Instance fall under this group. Actions can be Instance Created and Instance Modified.  Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Instances

Content Tags

Description

%InstanceName%

Instance name

%InstanceShortName%

Instance short name

%InstanceDescription%

Instance description

%InstanceTimezone%

Instance time zone

%InstanceIsActive%

Current instance status

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions related to System license fall under License group. Actions can be System License Added and System License Alert.  Following are the tags of the group which helps in providing appropriate data to the recipient via email.

License

Content Tags

Description

%SystemLicenseAddedBy%

Name of user who added system license

%SystemLicenseAddedOn%

Date when system license was added

%SystemLicenseNumberOfUsers%

Number of users that can be created on existing system license

%SystemLicenseNumberOfAssets%

Number of assets that can be created on existing system license

%SystemLicenseNumberOfAccounts%

Number of accounts that can be created on existing system license

%SystemLicenseNumberOfInstance %

Number of instances that can be created on existing system license

%SystemLicenseSystemID%

System ID of system license

%SystemLicenseLicenseKey%

License key of system license

%SystemLicenseDuration%

System license duration

%SystemLicenseExpiryDate%

System license Expiry Date

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions related to policies fall under this group. Actions can be Password Checkout Policy Created, Password Checkout Policy Modified, Rotation Policy Created and Rotation Policy Modified. Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Policy

Content Tags

Description

%RotationPolicyName%

Password rotation policy name

%RotationPolicyMethod%

Password rotation policy method

%RotationPolicyRecurEvery%

Recurring period for password rotation

%RotationPolicyStartson%

Password rotation policy starting date

%RotationPolicyFromTime%

Starting time of password rotation

%RotationPolicyToTime%

Ending time of password rotation

%RotationPolicyValidTill%

Password rotation policy validity

%RotationPolicyPasswordPolicy%

Password policy for rotating password

%RotationPolicyResetFailedPassword%

Option to reset password

%CheckoutPolicyName%

Password checkout policy name

%CheckoutPolicyAllowCheckout%

Option to enable password checkout

%CheckoutPolicyNoApprovalCheckout%

Option to enable password checkout without approval

%CheckoutPolicyChangePassword%

Option to change password after check in

%CheckoutPolicyResetFailedPassword%

Option to reset password on the event of password change failure

%CheckoutPolicyAllowConcurrency%

Option to enable concurrency

%CheckoutPolicyConcurrency%

Concurrency set for password checkout

%CheckoutPolicyDefaultDays%

Default days set for password checkout

%CheckoutPolicyDefaultHours%

Default hours set for password checkout

%CheckoutPolicyDefaultMinutes%

Default minutes set for password checkout

%CheckoutPolicyMaxDays%

Maximum days allowed to checkout password

%CheckoutPolicyMaxHours%

Maximum hours allowed to checkout password

%CheckoutPolicyMaxMinutes%

Maximum minutes allowed to checkout password

%CheckoutPolicyDefaultDuration%

Default Duration allowed to checkout password

%CheckoutPolicyMaxDuration%

Maximum Duration allowed to checkout password

%Instance%

Instance name in which the configuration is saved or updated

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions related to proxies fall under Proxy and Landing Server group. Actions can be Session Proxy Started and Session Proxy Stopped. Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Proxy and Landing Servers

Content Tags

Description

%SessionProxyName%

Session proxy name

%SessionProxyType%

Session proxy type

%SessionProxyHostname%

Session proxy hostname

%SessionProxyIPAddress%

IP address of session proxy

%SessionProxyPort%

Session proxy port

%SessionProxyIsActive%

Current status of session proxy

%SessionProxyStartedOn%

Session proxy start time

%SessionProxyStoppedOn%

Session proxy stop time

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions related to reports fall under Reporting group. Actions can be Analytical Report Exported and Scheduled Report Generated. Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Reporting

Content Tags

Description

%CurrentTimestamp%

Current date and time of the system

%ReportSchedulerReportName%

Name Of the report

%ReportSchedulerReportCategory%

Category of report

%ReportSchedulerReportGroup%

Group of report

%ReportSchedulerScheduledOn%

Report Scheduled On

%ReportSchedulerScheduledBy%

Report Scheduled By

%ReportSchedulerUpdatedOn%

Report Scheduler Updated On

%ReportSchedulerUpdatedBy%

Report Scheduler Updated By

%Instance%

Instance name in which the configuration is saved or updated

%CurrentTimestamp%

Current date and time of the system

%AnalyticalReportName%

Name Of the report

%AnalyticalReportCategory%

Category of report

%AnalyticalReportGroup%

Group of report

%AnalyticalReportExportedOn%

Report Exported On

%AnalyticalReportExportedBy%

Report Exported By

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions related to Satellite Vault fall under this group. Actions can be Satellite Vault Configuration Changed and Satellite Vault Configured. Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Satellite Vault

Content Tags

Description

%SatelliteVaultRemoteHostname%

Server hostname

%SatelliteVaultRemotePort%

Server port

%SatelliteVaultAccessKey%

Public key for communication

%SatelliteVaultInstances%

Instances to share account password

%SatelliteVaultAccountGroups%

Accounts from account groups to be shared

%SatelliteVaultUsers%

Users with whom the password to be shared

%SatelliteVaultAdminUsers%

Users who has admin privileges

%SatelliteVaultActive%

Configuration is enable or not

%SatelliteVaultCreatedBy%

Configuration Created by

%SatelliteVaultCreatedOn%

Configuration Created on

%SatelliteVaultChangedBy%

Configuration modified by

%SatelliteVaultChangedOn%

Configuration modified on

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions related to user’s logging in to Sectona fall under Security group. Actions can be Login Failed, Login Successful, Multifactor Authentication Failed and Sectona OTP Message. Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Security

Content Tags

Description

%UsersLoginFailedSourceIP%

Source IP address of user logged in

%UserLoginFailedSourceHostname%

Source hostname of user logged in

%UserLoginFailedSourceUsername%

Source username of user logged in

%UserLoginFailedTime%

User login time

%UserLoginFailedLogDetails%

User login log details

%UserLoginFailedUsername%

Username of user logged in

%UserLoginFailedFirstname%

Firstname of user logged in

%UserLoginFailedLastname%

Lastname of user logged in

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%Multifactortype%

Multifactor used by user to login to spectra

%OTPNo%

OTP number

%OTPUsername%

Username to send the OTP

%OTPValidTill%

OTP validation Duration

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions related sessions fall under Session Activity group. Actions can Collaboration Invitation Created, Session Completed, Session Initiated, Session Command Execution Completed, Session Command Execution Confirmed, Session Command Execution Denied, Session Command Execution Elevated, Session File Deleted, Session File Transfer Completed, Session Process Execution Completed, Session Process Execution Confirmed and Session Process Execution Denied. Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Session Activity

Content Tags

Description

%SharedWithUsername%

Username of session collaborated with

%SharingComment%

Comment on session collaboration

%SharingSessionTitle%

Session title of session collaboration

%SharingURL%

URL of session collaboration

%SharedByUsername%

Username of session collaboration by

%UsersSessionSessionID%

User session session ID

%UsersSessionAccountName%

Account name in user session

%UsersSessionHostname%

Hostname of user session

%UsersSessionIPAddress%

IP address of user session

%UsersSessionAssetType%

Asset type in user session

%UsersSessionUsername%

Username of user session

%UsersSessionAssetCategory%

Asset category in user session

%UsersSessionDuration%

User session duration

%UsersSessionRiskScore%

Session Risk Score

%UsersSessionStartTime%

Session Start Time

%UsersSessionEndTime%

Session End Time

%UsersSessionReviewState%

Session Review State

%UsersSessionReviewOn%

Session Reviewed On

%UsersSessionReviewBy%

Session Reviewed By

%UsersSessionReviewComment%

Session Review Comment

%UsersSessionReReviewState%

Session Re-Review State

%UsersSessionReReviewOn%

Session Re-Reviewed On

%UsersSessionReReviewBy%

Session Re-Reviewed By

%UsersSessionReReviewComment%

Session Re-Review Comment

%UsersSessionAccessType%

Access type in user session

%UsersSessionTicketNo%

Ticket number used for user session

%UsersSessionComment%

Session comment

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedOn%

Configuration modified on

%SessionID%

Session ID of session

%SessionCommandText%

Command text captured from the session

%SessionAssetType%

Asset type in the session

%SessionlogAccountName%

Account name in session log

%SessionlogHostname%

Hostname in session log

%SessionUsername%

Name of entity who took the session

%SessionCommandType%

Type of command captured from the session

%SessionExecutedOn%

Execution date of session

%SessionIPAddress%

IP address in the session

%SessionlogCommandExecutedOn%

Command Executed On

%SessionCommandSessionID%

Session ID

%SessionCommandUser%

Username of session

%SessionCommandAssetType%

Asset type of the asset

%SessionCommandAccessType%

Access type of the asset

%SessionCommandHostname%

Hostname of the asset

%SessionCommandIPAddress%

IP address of the asset

%SessionCommandAccountName%

Account name of the asset

%SessionCommandAccountDomain%

Domain name of the account

%SessionCommandCommandType%

Type of command captured from session

%SessionCommandCommandText%

Command text captured from session

%SessionCommandExecutedBy%

Command executed by

%SessionCommandExecutedOn%

Command executed on

%SessionID%

Session ID of session

%SessionCommandText%

Command text captured from the session

%SessionAssetType%

Asset type in the session

%SessionlogAccountName%

Account name in session log

%SessionlogHostname%

Hostname in session log

%SessionUsername%

Name of entity who took the session

%SessionCommandType%

Type of command captured from the session

%SessionExecutedOn%

Execution date of session

%SessionIPAddress%

IP address in the session

%SessionlogCommandExecutedOn%

Command Executed On

%SystemTrailOn%

Last trail captured on

Actions related to System fall under System group. Actions can be System Backup Configuration Changed, System Backup Configured, System Backup Created, System Health Information and System Log Created. Following are the tags of the group which helps in providing appropriate data to the recipient via email.

System

Content Tags

Description

%SystemLogHostname%

Hostname in system log

%SystemLogCode%

System log code

%SystemLogType%

Type of system log

%SystemLogDate%

Date of system log

%SystemLogLevel%

System log level

%SystemLogAccount%

Account name in system log

%SystemLogDescription%

System log description

%SystemVirtualDirectoryName%

Virtual Directory of application

%SystemVirtualDirectoryPath%

Path where the application is hosted

%SystemBackupCreatedOn%

Date when the backup is created

%SystemBackupFileNamePrefix%

Backup file prefix

%SystemBackupFileNameFormat%

Backup filename format

%SystemBackupLocalDirectory%

Local path to store backup

%SystemBackupEnableRemoteBackup%

Enable remote backup

%SystemBackupRemoteDirectory%

Remote path to store backup

%SystemBackupRemoteBackupUsername%

Username for remote backup

%SystemBackupRecureDays%

No of days backup should recur

%SystemBackupTime%

Time to take backup

%SystemBackupEnabled%

System backup enabled or not

%SystemBackupFileName%

Name of backup file

%SystemBackupConfuguredBy%

Backup Configured By

%SystemBackupConfiguredOn%

Backup Configured On

%SystemBackupConfugurationChangedBy%

Backup Configuration Changed By

%SystemBackupConfugurationChangedOn%

Backup Configuration Changed On

%HA_SystemNodeType%

Type of node

%HA_Hostname%

Hostname of the server

%HA_IPAddress%

IP Address of server

%HA_IPAddressWithPort%

IP Address of primary server with port

%HA_IPAddressWithPort_Fallback%

IP Address of Fallback server with port

%HA_IPAddressWithPort_DR%

IP Address of DR server with port

%HA_Port%

Port user for HA

%HA_URL%

URL of HA server

%HA_SystemRoleCurrent%

Current Server type (Primary, Fallback or DR)

%HA_SystemRoleDefined%

Defined Server type (Primary, Fallback or DR)

%HA_PriorityCurrent%

Current Priority to do HA

%HA_PriorityDefined%

Defined Priority to do HA

%HA_Active%

Configuration is active

%HA_CreatedBy%

HA Configuration created by

%HA_CreatedOn%

HA Configuration created on

%HA_ModifiedBy%

HA Configuration modified by

%HA_ModifiedOn%

HA Configuration modified on

%HA_EventDescription%

Event Description

%HA_CPUUsage%

CPU Usage Of Server

%HA_MemoryUsage%

Memory Usage Of Server

%HA_DiskUsage%

Disk Usage Of Server

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions related to User management fall under Users group. Actions can be sending Security Key File via email, User Created, User Access Policy Created and User Access Policy Modified. Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Users

Content Tags

Description

%UserAccessPolicyName%

User access policy name

%UserAccessPolicySchedulerType%

User access policy scheduler type

%UserAccessPolicyRecurEvery%

Recurring period for user access policy

%UserAccessPolicyFromTime%

Starting time of user access policy

%UserAccessPolicyToTime%

Ending time of user access policy

%UserAccessPolicyAllowIPSegment%

Option to enable IP segment

%UserAccessPolicyIPSegment%

IP segments to allow in user access policy

%UserAccessPolicyVideo%

Option for enabling session recording

%UserAccessPolicyRecordCommand%

Option for enabling session recording

%UserAccessPolicyLiveView%

Option for enabling Live view

%UserAccessPolicySessionTermination%

Option for enabling session termination

%UserAccessPolicySessionCollaboration%

Option for enabling session collaboration

%UserAccessPolicyAllowConcurrency%

Option to enable concurrency

%UserAccessPolicyConcurrency%

Number of concurrent sessions to be allowed

%UserAccessPolicyMaxDurationDays%

Maximum days that user can access the system

%UserAccessPolicyMaxDurationHours%

Maximum hours that user can access the system

%UserAccessPolicyMaxDurationMinutes%

Maximum minutes that user can access the system

%UserAccessPolicyApplySessionBanner%

Session banner should be applied o not

%UserAccessPolicySessionBanner%

Session banner applied to every session

%UserAccessPolicyMFAType%

Multifactor applied to Policy

%UserAccessPolicyMFAForNewSession%

Enforce MFA For New Session

%UserAccessPolicyAllowViaJumpServer%

Access via jump server should be allowed or not

%UserAccessPolicyAllowRDPDirect%

Access via rdp direct file should be allowed or not

%UserAccessPolicyAdaptiveAuthentication%

Check for Adaptive Authentication

%UserAccessPolicyMaxSessionDuration%

Maximum session duration

%UserAccessPolicyConcurrencyValue%

Concurrent session to spectra portal

%UserAccessPolicyMFATypeValue%

Multifactor applied to Policy

%UserAccessPolicyIPSegmentValue%

IP segments to allow in user access policy

%Instance%

Instance name in which the configuration is saved or updated

%UserLogonName%

User logon name

%UserFirstName%

First name of user

%UserLastName%

Last name of user

%UserEmailID%

User email ID

%UserMobileNo%

Registered mobile number of user

%UserExpiresOn%

User logon expiry date

%UserCompany%

User's company name

%UserManager%

User's manager name

%UserActiveDirectory%

Active directory name

%UserRole%

Role assigned to user

%UserGroup%

Groups assigned to user

%UserStatus%

Current user status

%Instance%

Instance name in which the configuration is saved or updated

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions related to vault fall under this group. Actions can be Account Password Out Of Sync, Account Password CheckedOut, Account Password Change Failed, Account Password Change Succeeded, Password Manager Process Completed, Password Manager Process Started, Vault API Registration Created, Vault API Registration Deleted and Vault API Registration Modified. Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Vault

Content Tags

Description

%VaultAPIDescription%

Vault API description

%VaultAPIHostname%

Vault API hostname

%VaultAPIScope%

Vault API scope

%VaultAPIExpiry%

Vault API expiry status

%VaultAPIExpiryDate%

Vault API expiry date

%VaultAPIStatus%

Current vault API status

%AccountName%

Privileged account name

%AccountDomain%

Domain name associated with the privileged account

%AccountOwner%

Owner of the privileged account as per the system

%AccountType%

Type of the privileged account

%AccountCategory%

Category of privileged account

%AccountAssetHostName%

Hostname of asset to which account is linked

%AccountAssetIPAddress%

IP address of asset to which account is linked

%AccountAssetType%

Type of asset to which asset/account is linked

%AccountAssetCategory%

Category of asset to which account is linked

%AccountAssetDatabase%

Database name of asset to which account is linked

%AccountPasswordChangedBy%

Name of entity who changed account password

%AccountPasswordChangedOn%

Last account password change date

%AccountPasswordFailedOn%

Last account password change failure date

%AccountPasswordFailedDetail%

Last account password change failure details

%AccountPasswordReqestedBy%

Name of entity who requested account password

%AccountPasswordReqestedOn%

Last password checkout requested date

%AccountPasswordStatus%

Current password change status

%AccountName%

Privileged account name

%AccountDomain%

Domain name associated with the privileged account

%AccountOwner%

Owner of the privileged account as per the system

%AccountType%

Type of the privileged account

%AccountCategory%

Category of privileged account

%AccountAssetHostName%

Hostname of asset to which account is linked

%AccountAssetIPAddress%

IP address of asset to which account is linked

%AccountAssetType%

Type of asset to which asset/account is linked

%AccountAssetCategory%

Category of asset to which account is linked

%AccountAssetDatabase%

Database name of asset to which account is linked

%AccountPasswordChangedBy%

Name of entity who changed account password

%AccountPasswordChangedOn%

Last account password change date

%AccountPasswordFailedOn%

Last account password change failure date

%AccountPasswordFailedDetail%

Last account password change failure details

%AccountPasswordReqestedBy%

Name of entity who requested account password

%AccountPasswordReqestedOn%

Last password checkout requested date

%AccountPasswordStatus%

Current password change status

%NoofAccounts%

Number of accounts for password change

%NoofAccounts_Failed%

Number of failed password change accounts

%NoofAccounts_Success%

Number of successful password change accounts

%NoofAccounts_Skiped%

Number of skipped password change accounts

%PasswordManagerIsActive%

Current status of password manager

%PasswordManagerDescription%

Password manager description

%Instance%

Instance name in which the configuration is saved or updated

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1

Actions related to workflow fall under this group. Actions can be Maker Checker Approved, Maker Checker Created, Maker Checker Processed, Maker Checker Rejected, Workflow Approval Request, Workflow Approved, Workflow Approved Password, Workflow Rejected and Workflow Request Processed. Following are the tags of the group which helps in providing appropriate data to the recipient via email.

Workflow

Content Tags

Description

%WorkflowRequestID%

Workflow request ID

%WorkflowRequestType%

Workflow request type(password/access)

%WorkflowRequestDuration%

Workflow request duration

%WorkflowRequestStartOn%

Workflow request started on

%WorkflowRequestEndsOn%

Workflow request ends on

%WorkflowRequestComment%

Comment for workflow request

%WorkflowRequestTicketNo%

Workflow request ticket number

%WorkflowRequestAssetCategory%

Asset category of asset for workflow request

%WorkflowRequestAssetType%

Asset type of asset for workflow request

%WorkflowRequestHostName%

Hostname of asset for workflow request

%WorkflowRequestAccount%

Account name of account for workflow request

%WorkflowRequestURL%

URL for the approval/rejection of the request

%WorkflowRequestCurrentStatus%

Current status of workflow request

%WorkflowRequestComment%

Comment for workflow request

%WorkflowRequestLastComment%

Last comment on the workflow request

%WorkflowRequestLastCommentBy%

The username of the previous level approver of the workflow request

%WorkflowRequestLevel%

Workflow request level

%WorkflowRequestAccessMode%

Access Mode of request

%Instance%

Instance name in which the configuration is saved or updated

%CreatedBy%

Configuration created by

%CreatedOn%

Configuration created on

%ModifiedBy%

Configuration modified by

%ModifiedOn%

Configuration modified on

%SystemTrailOn%

Last trail captured on

%SystemTrail_Field1%

Generic trail field 1