Reports

(Feature available only in Premium Edition)

Contents

Overview

The information on the entire password management process in your enterprise is presented in the form of comprehensive reports in PMP. The status and summaries of the different activities such as password inventory, policy compliance, password expiry, user activity etc are provided in the form of tables and graphs, which assist the IT administrators to make a well-informed decisions on password management.

Password Manager Pro provides about nine canned reports classified under four types. In addition, there is provision to create custom reports.

Canned Reports

Types of Reports

PMP provides four types of reports -

  • Password Reports
  • User Reports
  • General Reports
  • Compliance Reports

Password Reports

All details pertaining to the device properties, hardware properties, firmware details, audit details pertaining to the devices etc have been presented under Network Reports.

To access the Network Reports, just go to the "Reports" tab.

Report Name What does it Convey Additional Information

Password Inventory Report

This report provides a snapshot of details about the total number of resources, passwords, resource types and users present in PMP. Besides, it provides details about the ownership of each password/resource and details about the time at which the passwords were accessed.

There are three sections in this report:

Password Policy Compliance - Summary Report

This section lists down the details in summary about the total number of passwords, total number of passwords that comply to the policy and total number of passwords that are non-compliant.

Policy Violation by Resource Type

This section provides a pie-chart showing the number of passwords that are non-compliant to the defined policy based on the resource type.

Password Compliance - Detailed Report

This section lists down the compliance details of all the resources (whether they are compliant with the defined policy or not). It also depicts the number of violations in each resource and the ownership details of resources and passwords in tabular form. You can make a search in this report by clicking the icon present at the top-right hand corner of the table.

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

Schedule Report

Password Compliance Report

This report provides a snapshot of details about the passwords that comply to the password policy set by the administrator and the ones that do not comply. Besides, it provides details about the ownership of each password.

Also, in the case of the passwords which are found to be non-compliant, details about non-compliance are also provided. This helps in taking the required corrective action immediately to make them compliant.

There are three sections in this report:

Password Policy Compliance - Summary Report

This section lists down the details in summary about the total number of passwords, total number of passwords that comply to the policy and total number of passwords that are non-compliant.

Policy Violation by Resource Type

This section provides a pie-chart showing the number of passwords that are non-compliant to the defined policy based on the resource type.

Password Compliance - Detailed Report

This section lists down the compliance details of all the resources (whether they are compliant with the defined policy or not). It also depicts the number of violations in each resource and the ownership details of resources and passwords in tabular form. You can make a search in this report by clicking the icon present at the top-right hand corner of the table.

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

Password Expiry Report

This report provides information about the validity details of passwords. In other words, it provides details about the passwords that have expired and the passwords that are valid.

There are three sections in this report:

Password Expiry - Summary Report

This section lists down the details in summary about the total number of passwords, total number of expired passwords and total number of valid passwords.

Password Expiry by Resource Type

This section provides a pie-chart showing the number of expired passwords in each resource type.

Password Expiry - Detailed Report

This section lists down the expiry/validity details of all the resources. It also depicts the number of expired/valid passwords in each resource and the ownership details of resources and passwords in tabular form. You can make a search in this report by clicking the icon present at the top-right hand corner of the table.

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

Password Activity Report

This report provides information about the usage details of all passwords in the system. It provides details about the passwords that were most accessed during a specific time period, the ones that were least accessed, average access per day, per week, passwords that were frequently reset etc.

There are six sections in this report:

Activity Statistics - Summary Report

This section lists down the details in summary about the total number of passwords, average access per day/ per week, average password age, the number of passwords for which reset is supported, number of passwords that were reset using agents, number of passwords that were reset without agents, number of failures in password reset etc.

Top 10 Passwords Access Count

This section provides a graph showing the top 10 passwords that were accessed most.

Top 10 Passwords Reset Count

This section provides a graph showing the top 10 passwords that were reset most.

Bottom 10 Passwords Access Count

This section provides a graph showing the least accessed 10 passwords.

Bottom 10 Passwords Reset Count

This section provides a graph showing the least reset 10 passwords.

Password Activity Details

This section provides the following details about the passwords that are in sync with the target systems:

Date of creation of the password, number of times the password had been accessed from the date of creation, number of time the password underwent changes, the time at which the password was accessed/changed last, the frequency at which the password is being accessed every day, the frequency at which the password is being changed every week etc.

List of resources for which access control workflow has been activated

This section lists all the resources for which password access control workflow has been activated

List of resources for which access control workflow has been deactivated

This section lists all the resources for which password access control workflow has been deactivated

List of resources for which access control workflow has not been configured

This section lists all the resources for which password access control workflow has not been configured at all

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

Password Integrity Report

Passwords of resources such as servers, databases, network devices and other applications are stored in PMP. It is quite possible that someone who have administrative access to these resources could access the resource directly and change the password of the administrative account. In such cases, the password stored in PMP would be outdated and will not be of use to the users who access PMP for the password. PMP provides option for checking the integrity of passwords at any point of time on demand and also at periodic intervals.

You can create a scheduled task for carrying out the integrity check at periodic intervals. Click "Schedule Report" and fill-in the details.

You can also generate the integrity report at any point of time by clicking the link "Generate Report". When you do so, you will get the results of the automatic integrity check done by PMP at 1 AM every day for all the accounts for which remote synchronization has been enabled. The results of the current day's check done at 1 AM will be depicted in the report.

In case, you want to carry out integrity check at any moment on demand to get latest details, you need to click the option "Run Integrity Check". PMP will try to establish connection with the target systems for all the accounts for which remote password reset has been enabled. Once the connection is established, it tries to login with the credentials stores in PMP. If login does not succeed, PMP concludes that the password is out of sync. In case, PMP is not even able to establish connection with the system due to some network problem, it will not be taken as password out of sync. A consolidated notification would be emailed to all the administrators and auditors.

The Password Integrity report provides information if the passwords in the system are in sync with the corresponding passwords in the target systems.

There are two sections in this report:

LPassword Integrity - Summary Report

This section lists down the details in summary about the total number of passwords for which reset is supported, passwords for which reset is done using agents, number of passwords that were reset using agents, number of passwords in the system are in sync with the corresponding passwords in the target systems, number of passwords that are out of sync etc.

Password Integrity - Details

This section provides details about the integrity status, who carried out password reset, the time at which the reset was done etc.

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

Ungrouped Passwords

Passwords stored in PMP are part of resources and the resources can be grouped into resource groups. Certain resources may not be part of any resource group. The passwords belonging to such resources are listed in this report.

Password Access Control

Provides complete details about the password access control workflow scenario of your organizations. List of resources for which access control has been enabled, resources for which access control is activated/deactivated, resources for which the requests are automatically approved, list of password release requests approved/denied etc are depicted through this report.

User Reports

Report Name What does it Convey Additional Information

User Access Report

This report provides details about all users in the system with reference to password and resource access.

This report has three sections:

User Statistics - Summary Report

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

Details such as the number of new users added during the last five days, users deleted, role change, number of invalid login attempts, users who carried out password reset during the past five days, users who did not login during the last five days, total number of users/user groups in the system, user roles etc are presented as part of this report.

User Activity Summary Report

The actions performed by users on passwords such as password retrieval, password reset etc captured as part of this summary report. This report provides the number of such actions done by each user. Similarly, the number of password actions performed by members of each user group are also depicted.

User Access Details

The resources and resource groups that are owned by/shared to each user are depicted as part of this report. The privileges allowed for the user are also listed.

User Group Access Details

The list of users who are members of the group, resource groups that are owned by/shared to the user group are depicted as part of this report.

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

User Activity Report

This report provides details about the password usage of all the users in the system.

This report has four sections:

Activity Statistics - Summary Report

The total number of passwords accessed by users and user groups during a specified time period are depicted in the form of graphs.

Top 10 Users - Login/Access/Reset

The list of the top 10 users who performed most login attempts, most password access and most password resets.

Bottom 10 Users - Login/Access/Reset

The list of 10 users who performed least login attempts, least password access and least password resets.

User Activity Details

All details about users, including the total number of login attempts made, number of invalid attempts, number of passwords accessed, number of passwords reset are depicted.

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

General Reports

Report Name What does it Convey Additional Information

Executive Report

This report provides a snapshot of all password access and user activities in the system.

It is a combined report of Password and User reports. It provides details, in summary, about the following:

Password Statistics, Password Activity, Password Policy, Password Expiry, Password Out of Sync, User Statistics and User Activity.

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

Compliance Report

Report Name What does it Convey Additional Information

PCI DSS Compliance Report

The PCI DSS stands for Payment Card Industry Data Security Standard. It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It represents a set of rules that need to be adhered to by businesses that process credit cardholder information, to ensure data is protected. The PCI Data Security Standard is comprised of 12 general requirements designed to:

  • Build and maintain a secure network
  • Protect cardholder data
  • Ensure the maintenance of vulnerability management programs
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Ensure the maintenance of information security policies

This standard is governed by PCI Security Standards Council https://www.pcisecuritystandards.org/

This reports the violations in your network from the requirements of Payment Card Industry (PCI) Data Security Standard (DSS), relevant to the use and management practices of shared administrative, software and service account passwords of various systems.

PCI DSS requirements 2,3,7,8,10 & 12 are covered in this report.

Note: In order to adhere to "all" the requirements of the PCI DSS standard completely, you will need other tools and security procedures to be implemented.

You have the option to generate separate compliance reports for each PCI DSS requirement 2,3,7,8,10 & 12. You can also generate a consolidated PCI DSS report too.

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

Scheduling Report Generation

All reports can be scheduled to be generated at periodic intervals. The reports thus generated can be sent via email to required recipients. To create a schedule for any report,

  • go to "Reports" tab
  • click the link "Schedule Report" available under the name of each report
  • in the GUI that opens, select the required schedule - every day / every month / only once
  • provide the date / time at which the schedule has to commence
  • enter the list of email ids to which the report has to be emailed
  • click "Schedule".

The result of the scheduled task created here are audited and can be viewed from the "Task Audit" section.

To terminate an already created schedule,

  • Click the link "Schedule Report" available under the name of report (for which the schedule has to be terminated)
  • In the GUI that opens, select the option "Never"
  • Click "Schedule"
  • The schedule will be terminated

Custom Reports

You can create customized reports out of the four canned reports (Password Inventory, Password Compliance, Password Expiry and Password Integrity) and two audit reports (Resource Audit and User Audit). You can specify certain criteria and create customized reports as per your needs.

The custom reports have been designed to bring out specific information from the PMP database as per your needs. The canned reports provide a snapshot of details in general. On the other hand, you can create a custom report out of this canned report to get specific details.

For instance, let us take the case of creating a custom report out of Password Inventory Report.

Assume that you want to get a report on the resources owned by 'User A' in 'Network Administration' department. You can create a custom report from the 'Password Inventory Report' by specifying the criteria as Resources from 'Department' 'Network Administration' AND 'Owner' name as 'User A'.

The real power of the custom reports lies in the fact that you can specify criteria expression and cull out information catering to your more specific needs.

Let us take another example to explain this:

Assume that your need is to take a list of all the sensitive passwords belonging to the resource types Windows and Windows Domain, Linux and Cisco, owned by a particular administrator - say John. Also, you want to get details on the share permissions for those passwords - with whom the passwords have been shared.

Here, the following are the conditions:

  • Sensitive accounts with names 'administrator' on Windows and Windows Domain, 'root' on Linux and 'enable' on Cisco are to be identified
  • Among such accounts, only those that are owned by john are to be identified

So, the criteria will be as follows:

To identify the 'administrator' accounts on Windows/Windows Domain, the criteria is

  • Resource Type starts with Windows (take this as column C1)
  • Account Name is administrator (take this as column C2)

To identify the 'root' accounts on Linux, the criteria is

  • Resource Type is Linux (take this as column C3)
  • Account Name is root (take this as column C4)

To identify the 'enable' accounts on Cisco devices, the criteria is

  • Resource Type contains Cisco (take this as column C5)
  • Account Name is root (take this as column C6)

To identify the resources owned by john

  • Owner is John (take this as column C7)

Now, you need to specify the criteria expression to combine the above factors:

((C1 and C2) or (C3 and C4) or (C5 and C6)) and C7

That means, you want to identify the resources/accounts complying to any and all the criteria listed above and finally match the ownership.

How to create custom reports?

To create custom reports,

  • go to "Reports" tab
  • click the link "Custom Reports"
  • click the link "Create Custom Reports" available on top right hand corner
  • in the GUI that opens, provide a name for the custom report being created; enter description for easy identification of the report
  • select the type of report out of which you wish to create the custom report
  • specify the criteria based on which the custom report has to be created. Refer to the example above on specifying the criteria. In case, you want to specify multiple values for the same column name, enter the entries in comma separated form. In the example above, in case, you want to generate the report pertaining to two departments - Network Administration and Finance departments, enter the values for the column 'Department' as Network Administration,Finance.
  • in case, you want to specify advanced criteria, edit the control expressions field; you can specify advanced conditions using expressions. Refer to the example above for details.
  • you have the option to control the number and order of columns to be displayed in the custom report. From "Select Columns" on LHS, choose the required columns. Use the up, down arrows on the RHS to control the arrangement of the columns in the report
  • click "Save" to save the entries. Click "Generate Report" to generate the customized report.

Custom Reports - Use Case

By leveraging the power of the custom reports, you can meet many of your auditing requirements with ease. Following is just one use case

Exit Audit Report

Continuously assessing the vulnerability with respect to password access is one of the important auditing requirements. When an administrator, who had active access to the privileged passwords leaves the organization, it is imperative to assess the vulnerability. This requires taking a list of all the passwords that were accessed by the particular user during a specified time period and then initiate steps to change the passwords.

Taking a report on all the password management operations performed by the particular administrator during a specified time period, could serve as 'Exit Audit Report'. Custom reports help you generate a report to achieve this precisely. All that you need to do is to get the report out of the 'Resource Audit'.

  • Specify the time period for the custom report
  • Select the criteria as 'Operation Type' contains (C1) (just leave the criteria field blank to represent that you want to take a report on all operations)
  • 'Operated by' 'User A' (C2) who is leaving the organization

The resultant report will provide you list of password management operations performed by the particular administrator during the time range specified.

Custom Reports out of 'Resource Audit' and 'User Audit' would prove highly useful as you would be able to meet most of your auditing requirements by properly leveraging them.

©2014, ZOHO Corp. All Rights Reserved.

Top