Run Security Audit Compliance Reports
Organizations require security audit reports to maintain internal control and perform audits, in accordance with multiple standards, such as the Sarbanes-Oxley Act (SOX). For these audit and transparency purposes, Kron PAM provides detailed security audit compliance reports. This document describes how to run these reports.

Security Audit Compliance Reports

Logging Activity

Most audit reports require logging user access attempts to the system. Kron PAM allows you to monitor the login activities of privileged users. Kron PAM records login, logout, and login failure activities in detail, including time and source for SFTP, GUI (UI), TACACS+, RADIUS, and SSH connections, as well as the reasons for login failure.

To access the user authentication reports:

1. Navigate to Logging > User Auth Logs.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

User Activity

User actions are recorded by Kron PAM so that important data for audit reports, such as which user did what and when, can be reported as well.

SSH/Telnet Session Command Line Interface Activity

The Kron PAM Session Manager tracks command line interface (CLI) operations performed during privileged sessions. User, target server, session start date, and session end date logs are available in the Session Log field of the Kron PAM web GUI.

To access the session logs reports:

1. Navigate to Logging > Session Log > Session Logs.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

Session log reports, including who did what in privileged sessions, satisfy SOX compliance requirements.

The “commands executed by user” logs recorded for SSH/Telnet sessions are also logged in the Command Logs section.

To access the command detail reports:

1. Navigate to Logging > Session Log > Command Logs.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

Remote Desktop (RDP/VNC) Session Activity

The Kron PAM Session Manager tracks RDP/VNC operations performed during privileged sessions. User, target server, session start date, and session end date logs are available in the Session Log field of the Kron PAM web GUI.

To access the session logs reports:

1. Navigate to Logging > Session Log > Session Logs.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

The session logs reports, including who did what in privileged sessions, satisfy SOX compliance requirements.

Text captured by the optical character reader (OCR), and keyboard and mouse movements for RDP sessions, are also logged in the Command Logs section.

To access the command detail reports:

1. Navigate to Logging > Session Log > Command Logs.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

Secure File Transfer Session (SFTP) Activity

The Kron PAM Session Manager tracks file transfer operations performed during privileged sessions. User, target server, session start date, and session end date logs are available in the Session Log field of the Kron PAM web GUI.

To access the session logs reports:

1. Navigate to Logging > Session Log > Session Logs.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

Session log reports, including who did what in privileged sessions, satisfy SOX compliance requirements.

The “commands executed by user” logs recorded for SFTP sessions are also logged in the Command Logs section.

To access the command detail reports:

1. Navigate to Logging > Session Log > Command Logs.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

Database (SQL) Session Activity

The Kron PAM Session Manager tracks database operations performed during privileged sessions. User, target server, session start date, and session end date logs are available in the Session Log field of the Kron PAM web GUI.

To access the session logs reports:

1. Navigate to Logging > Session Log > Session Logs.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

Session log reports, including who did what in privileged sessions, satisfy SOX compliance requirements.

The “commands executed by user” logs recorded for SQL sessions are also logged in the Command Logs section.

To access the command detail reports:

1. Navigate to Logging > Session Log > Command Logs.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

Web Session (HTTP/S) Activity

The request URL of user data is logged via the HTTP Proxy component of Kron PAM.

To access the HTTP proxy log reports:

1. Navigate to Logging > HTTP Proxy Logs.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

Password Checkout Activity

The Kron PAM Password Manager module provides one of the “user activities” reports, which includes the users’ password checkout activities for device connections.

To access the password change log reports:

1. Navigate to SAPM Management > SAPM Management > Password Change Log.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

Device Administration Activities (TACACS+, RADIUS)

TACACS+ Account Log

The “commands executed by user” logs recorded for TACACS+ connections are available from the TACACS+ Account Log section of the Kron PAM web GUI. These logs can be used as one of the user activities reports.

To access the TACACS account reports:

1. Navigate to Logging > TACACS Account Log.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

RADIUS Account Log

Accounting and authorization activities are logged for RADIUS connections. These logs can be used as one of the user activities reports.

To access the RADIUS account reports:

1. Navigate to Logging > RADIUS Account Log.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

Kron PAM UI Activities

All user activity on the Kron PAM web GUI is recorded in the UI Activities section. Reports can be run for various activities, such as adding/deleting devices, defining users, and searching records.

To access the user activities reports:

1. Navigate to Logging > Activity Logs.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

Some of the “event types” are listed below.

Access Controls

Policy enforcement is a major part of security requirements. Kron PAM knows which systems users can access, and what they are allowed to do on these systems. The policy tracking function is useful for the access control section of audit reports. Authentication logs provide visibility into which users can access which devices; authorization logs show which activities are authorized (whitelisted) or unauthorized (blacklisted) for which users on the devices they are allowed to connect to.

To access the authorization reports:

1. Navigate to Policy Control > Policy Tracking > Authentication.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

To access the authentication reports:

1. Navigate to Policy Control > Policy Tracking > Authorization.
2. Select report filters and click the Search button.
3. Click Export Data to Excel to get the report in Excel format.

Report Security

All logs and records are kept in a database, in binary format. Database access is restricted by the DB admin. Sensitive data in the logs is encrypted with a customer-specific master key and data encryption key. All the data is hashed and checked regularly for data integrity.
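
The user authentication report described under logging activity carries the activity type, time, source, connection type and failure reason, which is enough to drive a basic audit review once exported. The following is an added example, not Kron PAM code: it assumes the Excel export has been saved as CSV, and the column names and activity values (`time`, `user`, `activity`, `protocol`, `source`, `reason`, `LOGIN_FAILURE`) are hypothetical and must be mapped to the real export headers.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data. Column names and activity values are assumptions,
# not Kron PAM's actual export schema.
SAMPLE_CSV = """time,user,activity,protocol,source,reason
2024-03-01 09:00:05,alice,LOGIN_FAILURE,SSH,10.0.0.5,Invalid password
2024-03-01 09:00:20,alice,LOGIN_FAILURE,SSH,10.0.0.5,Invalid password
2024-03-01 09:00:41,alice,LOGIN_FAILURE,SSH,10.0.0.5,Invalid password
2024-03-01 09:01:10,alice,LOGIN,SSH,10.0.0.5,
2024-03-01 09:30:00,bob,LOGIN,GUI,10.0.0.9,
2024-03-01 10:15:00,bob,LOGOUT,GUI,10.0.0.9,
2024-03-01 11:00:00,carol,LOGIN_FAILURE,TACACS+,10.0.0.7,Account locked
2024-03-01 11:45:00,carol,LOGIN,TACACS+,10.0.0.7,
"""

def review_auth_log(csv_text, threshold=3, window=timedelta(minutes=5)):
    """Return (failure counts per (user, protocol, source), findings).

    A finding is a successful login preceded by `threshold` or more failures
    for the same user and source within `window`.
    """
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["time"])
    counts = defaultdict(int)
    recent = defaultdict(list)  # (user, source) -> failure timestamps
    findings = []
    for row in rows:
        ts = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        key = (row["user"], row["source"])
        if row["activity"] == "LOGIN_FAILURE":
            counts[(row["user"], row["protocol"], row["source"])] += 1
            recent[key].append(ts)
        elif row["activity"] == "LOGIN":
            burst = [t for t in recent[key] if ts - t <= window]
            if len(burst) >= threshold:
                findings.append({"user": row["user"], "source": row["source"],
                                 "protocol": row["protocol"],
                                 "failures": len(burst),
                                 "login_time": row["time"]})
            recent[key].clear()  # a success resets the failure streak
    return dict(counts), findings

if __name__ == "__main__":
    counts, findings = review_auth_log(SAMPLE_CSV)
    for key, n in sorted(counts.items()):
        print("failures", key, n)
    for finding in findings:
        print("review:", finding)
```

The threshold and window are review parameters to tune against the organization's lockout policy.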