Audit & Notifications

As PMP deals with sensitive passwords, it comes with an effective auditing mechanism to record who accessed what resource and when along with trails about every single action performed by the user. All operations performed by users on the GUI are audited with the timestamp and the IP address from where they accessed the application.

 

Audit in PMP has been classified into three types:

 

 

PMP audit is quite comprehensive and almost all actions are audited. There may be requirements to audit only the specific operations. To facilitate that, within each audit type, PMP provides the flexibility to audit only the required operations. There is also option to send notifications to required recipients whenever a chosen event (audit trail of your choice) occurs in PMP.

Resource Audit

All operations pertaining to 'resources' are captured under 'Resource Audit'.

 

To view resource audit

 

 

To record only specific trails in resource audit

 

 

To receive notifications, traps, syslog messages on generation of audit records

 

 

Purging Resource Audit Trails

 

 

Exporting Resource Audit Trails as PDF/CSV Report

 

Resource Audit Filters

You can create customized views for filtering and viewing only those audit records that are of interest to you. For example, in Resource Audit, if you want to filter and view the audit trails for the accounts added for specific resources, you can create a custom filter by specifying your criteria.

 

To create an audit filter,

 

User Audit

All operations performed in PMP by a 'PMP user' are captured under 'User Audit'.

 

To view user audit

 

 

To record only specific trails in user audit

 

 

To receive notifications on generation of audit records

 

 

Purging User Audit Trails

 

 

Exporting User Audit Trails as PDF/CSV Report

 

User Audit Filters

You can create customized views for filtering and viewing only those audit records that are of interest to you. For example, in User Audit, if you want to filter and view the audit trails for the accounts added for specific resources, you can create a custom filter by specifying your criteria.

 

To create an audit filter,

 

Task Audit

Records of various scheduled tasks created and executed in PMP are captured as part of task audit.

 

To view user audit

 

 

To record only specific trails in resource audit

 

 

To receive notifications on generation of audit records

 

 

Purging Task Audit Trails

 

 

Exporting Task Audit Trails as PDF/CSV Report

 

Task Audit Filters

You can create customized views for filtering and viewing only those audit records that are of interest to you. For example, in Task Audit, if you want to filter and view the audit trails for the database backup schedules created by specific users, you can create a custom filter by specifying your criteria.

 

To create an audit filter,

 

 

  • Does PMP record Password viewing attempts and retrievals by users?

 

Yes, PMP records all operations performed by the user including the password viewing and copying operations. From audit trails, you can get a comprehensive list of all the actions and attempts by the users with password retrieval. The list of operations that are audited (with the timestamp and the IP address) includes:
 

    • User accounts created, deleted and modified
    • Users logging in and logging off the application
    • Resources and passwords created, accessed, modified and deleted

 

  • How are the audit logs protected against modification?

 

All the audit records are stored in the MySQL database. To ensure security, the MySQL server has been configured not to accept connections from remote hosts. In addition, the password to access the MySQL server is randomly generated for every PMP installation. So, unless people gain entry into the database, the audit records cannot be modified.

 

 


© 2014, ZOHO Corp. All Rights Reserved.