Auditing system changes
Users with sufficient or administrator privileges can modify the system configuration in ways that could affect the system environment. The System Trail feature enables you to track changes to the system configuration. All user-initiated events that modify the system's state or behavior are logged. This section explains how to use the System Trail feature.
Understanding audit events
Every configuration-change action in the system log is defined by standard parameters and additional event-specific details. Standard parameters include:
Performed (Name of the type)
Additional event-specific parameters include change logs of respective event groups.
Viewing system trail
To reach the system trail, follow the steps below:
Navigate to the "System" option in the navigation bar.
Select "System Trail" from the sidebar. A screen with information about the trails appears.
Choose the Date & Time to define the period for which you wish to view the trails.
Select the "Instance" for which you wish to view the trails.
Navigate to the right corner, where you will see a drop-down list of the types of system trails you wish to view. Based on the parameter selected from the drop-down list, you will see details covering Timestamp, Action, Performed by, Instance, and the selected parameter.
Based on the action executed, a complete list of the changes made regarding the 'Action' will be generated and viewable.
System events & groups
System trail events are available in the following groups.
The type of access could either be user-defined or system-defined.
Account dependencies deal with password setting changes for dependent accounts.
Account group policy
Account group policy deals with enforcing comment, comment minimum length, allowing access via API, and requiring ticket numbers.
Account groups are created to define which accounts belong to which asset type so that similar assets and accounts are mapped to a group for a particular access.
Account group attributes
The properties of the account group are used to configure and define an account group.
Account group mapping
The linking of account groups to various accounts having common access or purpose of work.
Accounts are used to provide particular access to users.
Default parameters of accounts such as asset category, asset type, account type, and account role.
Accounts that were discovered across target assets and automatically onboarded, easing the load of creating several accounts each time account discovery runs.
The active mapping process is used to link user groups to account groups.
Active mapping account group
The list of account groups available to be mapped to the user groups.
Active mapping attributes
The properties of active mapping are used to map user and account groups.
Active mapping user group
The list of user groups available to be mapped to the account groups.
Appearance
It helps to customize the system's user interface, such as logo, title, message, etc.
It helps to fetch data of all the access types available.
Asset configuration directory server
Deals with changes in asset configuration pertaining to the directory server.
Type of target assets based on asset category.
Asset type access types
The access types which are mapped to the asset type.
Asset type password change method
The method to change the password of the asset type.
List of target assets mapped within the PAM system.
Policies to request a checkout of passwords to target assets and accounts.
Type of commands that can be executed.
The criticality level is defined by how critical the task being dealt with is.
Types of directories, such as Windows AD.
An authentication provider requires an integration key and secret key to have access to the system.
A gateway that allows alerts and OTPs to be sent to users over SMTP through the server connection.
Notification templates that report the activity that has taken place in the system.
An authentication provider which requires a username and shared key to have access to the system.
An authentication provider which requires the URL link to access the system.
These are created to attach an object to itself for defining its functionalities.
The devices which are required to perform input and output operations on the system.
The IP range which is required to have set boundaries for certain data access in the system.
Landing & app servers
Used when the ports needed for taking sessions are blocked on PAM or when the processing of sessions needs to be handled by a different server.
It helps to locate the IP segments of the particular location.
It enables Sectona Session Logs to be forwarded to an external service such as a SIEM.
Network discovery AD
It helps to discover assets across the active directory.
Network discovery AWS
It helps to discover assets across AWS.
Network discovery Azure
It helps to discover assets across Azure.
Network discovery Hyper V
It helps to discover assets across Hyper-V.
Network discovery VMWare
It helps to discover assets across VMware.
Provides a proxy server to the network.
It helps to discover assets using a network scan.
Notification rules
It determines the rules that need to be followed while sending a notification based on the attributes.
Notification templates
It helps to configure/customize notification templates used by the system for various notifications.
An authentication provider, which requires a sub-domain and API key to have access to the system.
An authentication provider which requires a sub-domain, client ID, and client secret to have access to the system.
The configuration to generate OTP having maximum retries and OTP length.
Password change method process
Process for a corresponding password change method.
Password change methods
The type of password change techniques.
The manager keeps a record of the password change and history of that particular job involved.
Password manager accounts
Managing the history of accounts whose passwords have been changed.
The properties of passwords that need to be defined by the user based on the organization's requirement.
Risk score matrix
The matrix which defines risk activity with the default and configured risk level.
The properties of a password defined by the user to tell how frequently the password must be changed automatically in this policy.
RSA secure ID
An authentication provider which requires a username and shared key to access the system.
Deals with automatic scheduling of parameters such as password rotation, report generation, etc.
Sectona authentication lockout policy
The policy which defines the Sectona authentication, i.e., how the password must be locked or unlocked.
Sectona authentication password policy
The policy which defines the Sectona authentication, i.e., how the password must be generated.
Server access policy
It helps to restrict/allow access to certain programs/commands for specific users in the User Groups.
Service desk
It helps to configure parameters for service desk/ticketing system integration.
The gateway URL is required with a username and password to receive an SMS OTP for authentication.
The backup of our PAM system, which might be enabled locally or remotely by the user.
This helps to see the default as well as configured values when the system is modified.
Tags
It is a tag set as a parameter on accounts, users and assets.
It displays the task that is already created.
Task library process
It defines the various tasks that the user can perform on a day-to-day basis.
User access policy
It defines the method for a user to access the system.
The settings are configured for a user.
Users are the end-users who access the PAM system.
These groups are created to add users who have similar functions and roles to a User Group.
User groups active directory
It helps to add a user to an Active Directory-based User Group.
User group attributes
It helps to add a user to an Attribute-based User Group.
User group mapping
It helps to map a user to a defined user group.
It helps to map a user to the required Instance.
It defines the roles which are permitted to a specific user.
These are privileged tasks that the user needs to execute on the target asset.
An authentication provider which requires a username and shared key to have access to the system.
The sessions are recorded according to the properties modified by the user.
Workflow master request types
It helps to put forth workflow requests for access or password change.
It helps to create a connection according to the asset category and asset type involved.
Workflow master approvers
It helps to approve workflow requests for access or password change.
Workflow master attributes
Properties of workflow master.