Reports
(Feature
available only in Premium
Edition)
Overview
The information on the entire password management process in your enterprise
is presented in the form of comprehensive reports in PMP. The status and
summaries of the different activities such as password inventory, policy
compliance, password expiry, user activity etc are provided in the form
of tables and graphs, which assist the IT administrators to make a well-informed
decisions on password management.
Password Manager Pro provides about nine canned reports classified under
four types. In addition, there is provision to create custom reports.
Canned Reports
Types of Reports
PMP provides four types of reports -
Password Reports
User Reports
General Reports
Compliance Reports
Password Reports
All details pertaining to the device properties,
hardware properties, firmware details, audit details pertaining to the
devices etc have been presented under Network Reports.
To access the Network Reports, just go to
the "Reports"
tab.
|
Report Name |
What does it Convey |
Additional Information |
Password Inventory Report |
This report provides a snapshot of details about the total number of
resources, passwords, resource types and users present in PMP. Besides,
it provides details about the ownership of each password/resource and
details about the time at which the passwords were accessed.
There are three sections in this report:
Password
Inventory Summary
This section lists down the details in summary
about the total number of resources, passwords, resource types and users
present in PMP.
Password Inventory by Resource Type
This section provides a pie-chart showing
the distribution of passwords in accordance with the resource type.
Password Ownership & Access Details
This section lists down the ownership details
of resources and passwords in tabular form. You can make a search in this
report by clicking the icon  present at the top-right
hand corner of the table.
|
This report can be generated in the form of PDF and can be emailed to
required recipients. Click the links "Export
to PDF" and "Email this
Report" to do the required operation.
Schedule Report |
Password Compliance Report |
This report provides a snapshot of details about the passwords that
comply to the password policy set by the administrator and the ones that
do not comply. Besides, it provides details about the ownership of each
password.
Also, in the case of the passwords which are found to be non-compliant,
details about non-compliance are also provided. This helps in taking the
required corrective action immediately to make them compliant.
There are three sections in this report:
Password
Policy Compliance - Summary Report
This section lists down the details in summary
about the total number of passwords, total number of passwords that comply
to the policy and total number of passwords that are non-compliant.
Policy Violation by Resource Type
This section provides a pie-chart showing
the number of passwords that are non-compliant to the defined policy based
on the resource type.
Password Compliance - Detailed Report
This section lists down the compliance details
of all the resources (whether they are compliant with the defined policy
or not). It also depicts the number of violations in each resource and
the ownership details of resources and passwords in tabular form. You
can make a search in this report by clicking the icon present
at the top-right hand corner of the table.
|
This report can be generated in the form of PDF and can be emailed to
required recipients. Click the links "Export
to PDF" and "Email this
Report" to do the required operation. |
Password Expiry Report |
This report provides information about the validity details of passwords.
In other words, it provides details about the passwords that have expired
and the passwords that are valid.
There are three sections in this report:
Password
Expiry - Summary Report
This section lists down the details in summary
about the total number of passwords, total number of expired passwords
and total number of valid passwords.
Password Expiry by Resource Type
This section provides a pie-chart showing
the number of expired passwords in each resource type.
Password Expiry - Detailed Report
This section lists down the expiry/validity
details of all the resources. It also depicts the number of expired/valid
passwords in each resource and the ownership details of resources and
passwords in tabular form. You can make a search in this report by clicking
the icon present at the top-right hand corner of the table.
|
This report can be generated in the form of PDF and can be emailed to
required recipients. Click the links "Export
to PDF" and "Email this
Report" to do the required operation. |
Password Activity Report |
This report provides information about the usage details of all passwords
in the system. It provides details about the passwords that were most
accessed during a specific time period, the ones that were least accessed,
average access per day, per week, passwords that were frequently reset
etc.
There are six sections in this report:
Activity
Statistics -
Summary Report
This section lists down the details in summary
about the total number of passwords, average access per day/ per week,
average password age, the number of passwords for which reset is supported,
number of passwords that were reset using agents, number of passwords
that were reset without agents, number of failures in password reset etc.
Top 10 Passwords Access Count
This section provides a graph showing the
top 10 passwords that were accessed most.
Top 10 Passwords Reset Count
This section provides a graph showing the
top 10 passwords that were reset most.
Bottom 10 Passwords Access Count
This section provides a graph showing
the least accessed 10 passwords.
Bottom
10 Passwords Reset Count
This section provides a graph showing
the least reset 10 passwords.
Password Activity Details
This section provides the following details
about the passwords that are in sync with the target systems:
Date of creation of the password, number
of times the password had been accessed
from the date of creation,
number of time the password underwent changes, the time at which the password
was accessed/changed last, the frequency at which the password is being
accessed every day, the frequency at which the password is being changed
every week etc.
List of resources for which access control workflow has been activated
This section lists all the resources for which password access control workflow has been activated
List of resources for which access control workflow has been deactivated
This section lists all the resources for which password access control workflow has been deactivated
List of resources for which access control workflow has not been configured
This section lists all the resources for which password access control workflow has not been configured at all
|
This report can be generated in the form of PDF and can be emailed to
required recipients. Click the links "Export
to PDF" and "Email this
Report" to do the required operation. |
Password Integrity Report
|
Passwords of resources such as servers, databases, network devices and
other applications are stored in PMP. It is quite possible that someone
who have administrative access to these resources could access the resource
directly and change the password of the administrative account. In such
cases, the password stored in PMP would be outdated and will not be of
use to the users who access PMP for the password. PMP provides option
for checking the integrity of passwords at any point of time on demand
and also at periodic intervals.
You can create a scheduled task for carrying out the integrity check
at periodic intervals. Click "Schedule
Report" and fill-in the details.
You can also generate the integrity report at any point of time by clicking
the link "Generate
Report". When you do so, you will get the results of the automatic
integrity check done by PMP at 1 AM every day for all the accounts for
which remote synchronization has been enabled. The results of the current
day's check done at 1 AM will be depicted in the report.
In case, you want to carry out integrity check at any moment on
demand to get latest details, you need to click the option "Run
Integrity Check". PMP will try to establish connection with
the target systems for all the accounts for which remote password reset
has been enabled. Once the connection is established, it tries to login
with the credentials stores in PMP. If login does not succeed, PMP concludes
that the password is out of sync. In case, PMP is not even able to establish
connection with the system due to some network problem, it will not be
taken as password out of sync. A consolidated notification would be emailed
to all the administrators and auditors.
The Password Integrity report provides information if the passwords
in the system are in sync with the corresponding passwords in the target
systems.
There are two sections in this report:
Password
Integrity - Summary Report
This section lists down the details in summary
about the total number of passwords for which reset is supported, passwords
for which reset is done using agents, number of passwords that were reset
using agents, number of passwords in
the system are in sync with the corresponding passwords in the target
systems, number of passwords that are out of sync etc.
Password
Integrity - Details
This section provides details about the integrity
status, who carried out password reset, the time at which the reset was
done etc.
|
This report can be generated in the form of PDF and can be emailed to
required recipients. Click the links "Export
to PDF" and "Email this
Report" to do the required operation. |
Ungrouped Passwords |
Passwords stored in PMP are part of resources and the resources can be grouped into resource groups. Certain resources may not be part of any resource group. The passwords belonging to such resources are listed in this report. |
|
Password Access Control |
Provides complete details about the password access control workflow scenario of your organizations. List of resources for which access control has been enabled, resources for which access control is activated/deactivated, resources for which the requests are automatically approved, list of password release requests approved/denied etc are depicted through this report. |
|
User Reports
|
Report Name |
What does it Convey |
Additional Information |
User Access Report |
This report provides details about all users in the system with reference
to password and resource access.
This report has three sections:
User Statistics - Summary
Report
Details such as the number of new users added during the last five days,
users deleted, role change, number of invalid login attempts, users who
carried out password reset during the past five days, users who did not
login during the last five days, total number of users/user groups in
the system, user roles etc are presented as part of this report.
User Activity Summary Report
The actions performed by users on passwords such as password retrieval,
password reset etc captured as part of this summary report. This report
provides the number of such actions done by each user. Similarly, the
number of password actions performed by members of each user group are
also depicted.
User Access Details
The resources and resource groups that are owned by/shared to each user
are depicted as part of this report. The privileges allowed for the user
are also listed.
User
Group Access Details
The list of users who are members of the group, resource groups that
are owned by/shared to the user group are depicted as part of this report.
|
This report can be generated in the form of PDF and can be emailed to
required recipients. Click the links "Export
to PDF" and "Email this
Report" to do the required operation. |
User Activity Report |
This report provides details about the password usage of all the users
in the system.
This report has four sections:
Activity Statistics - Summary
Report
The total number of passwords accessed by users and user groups during
a specified time period are depicted in the form of graphs.
Top 10 Users - Login/Access/Reset
The list of the top 10 users who performed most login attempts, most
password access and most password resets.
Bottom 10 Users - Login/Access/Reset
The list of 10 users who performed least login attempts, least password
access and least password resets.
User Activity Details
All details about users, including the total number of login attempts
made, number of invalid attempts, number of passwords accessed, number
of passwords reset are depicted.
|
This report can be generated in the form of PDF and can be emailed to
required recipients. Click the links "Export
to PDF" and "Email this
Report" to do the required operation. |
General Reports
|
Report Name |
What does it Convey |
Additional Information |
Executive Report |
This report provides a snapshot of all password access and user activities
in the system.
It is a combined report of Password and User reports. It provides details,
in summary, about the following:
Password Statistics, Password Activity, Password Policy, Password Expiry,
Password Out of Sync, User Statistics and User Activity. |
This report can be generated in the form of PDF and can be emailed to
required recipients. Click the links "Export
to PDF" and "Email this
Report" to do the required operation. |
Compliance Report
|
Report Name |
What does it Convey |
Additional Information |
PCI DSS Compliance Report
The PCI DSS stands for Payment Card Industry Data Security Standard.
It is a multifaceted security standard that includes requirements for
security management, policies, procedures, network architecture, software
design and other critical protective measures. It represents a set of
rules that need to be adhered to by businesses that process credit cardholder
information, to ensure data is protected. The PCI Data Security Standard
is comprised of 12 general requirements designed to:
Build and maintain a secure network Protect cardholder data Ensure the maintenance of vulnerability management
programs Implement strong access control measures Regularly monitor and test networks Ensure the maintenance of information security
policies
This standard is governed by PCI Security Standards Council https://www.pcisecuritystandards.org/ |
This reports the violations in your network from the requirements of
Payment Card Industry (PCI) Data Security Standard (DSS), relevant to
the use and management practices of shared administrative, software and
service account passwords of various systems.
PCI DSS requirements 2,3,7,8,10 &
12 are covered in this report.
Note: In order
to adhere to "all" the requirements of the PCI DSS standard
completely, you will need other tools and security procedures to be implemented.
|
You have the option to generate separate compliance reports for each
PCI DSS requirement 2,3,7,8,10 & 12. You can also generate a consolidated
PCI DSS report too.
This report can be generated in the form of PDF and can be emailed to
required recipients. Click the links "Export
to PDF" and "Email this
Report" to do the required operation. |
Scheduling Report Generation
All reports can be scheduled to be generated at periodic intervals.
The reports thus generated can be sent via email to required recipients.
To create a schedule for any report,
go to "Reports"
tab
click the link "Schedule
Report" available under the name of each report
in the GUI that opens, select the required schedule
- every day / every month / only once
provide the date / time at which the schedule
has to commence
enter the list of email ids to which the report
has to be emailed
click "Schedule".
The result of the scheduled task created here are audited and can be
viewed from the "Task Audit" section.
To terminate an already created schedule,
Click the link "Schedule
Report" available under the name of report (for which the
schedule has to be terminated)
In the GUI that opens, select the option "Never"
Click "Schedule"
The schedule will be terminated
Custom Reports
You can create customized reports out of
the four canned reports (Password Inventory, Password Compliance, Password
Expiry and Password Integrity) and two audit reports (Resource Audit and
User Audit). You can specify certain criteria and create customized reports
as per your needs.
The custom reports have been designed to
bring out specific information from the PMP database as per your needs.
The canned reports provide a snapshot of details in general. On the other
hand, you can create a custom report out of this canned report to get
specific details.
For instance, let us take the case of creating
a custom report out of Password Inventory Report.
Assume that
you want to get a report on the resources owned by 'User A' in 'Network
Administration' department. You can create a custom report from the 'Password
Inventory Report' by specifying the criteria as Resources from 'Department'
'Network Administration' AND 'Owner'
name as 'User A'.
The real
power of the custom reports lies in the fact that you can specify criteria expression and cull out information
catering to your more specific needs.
Let us take another example to explain
this:
Assume that your need is to take a list
of all the sensitive passwords belonging to the resource types Windows
and Windows Domain, Linux and Cisco, owned by a particular administrator
- say John. Also, you want to
get details on the share permissions for those passwords - with whom the
passwords have been shared.
Here, the following are the conditions:
Sensitive accounts
with names 'administrator' on Windows and Windows Domain, 'root' on Linux
and 'enable' on Cisco are to be identified
Among such accounts,
only those that are owned by john are to be identified
So, the criteria will be as follows:
To identify the 'administrator'
accounts on Windows/Windows Domain, the criteria is
To identify the 'root' accounts on Linux,
the criteria is
To identify the 'enable' accounts on Cisco
devices, the criteria is
To identify the resources
owned by john
Now, you need to specify
the criteria expression to combine the above factors:
((C1
and C2) or (C3 and C4) or (C5 and C6))
and C7
That means, you want to identify the resources/accounts
complying to any and all the criteria listed above and finally match the
ownership.
How to create custom reports?
To create custom reports,
go to "Reports"
tab
click the link "Custom
Reports"
click the link "Create
Custom Reports" available
on top right hand corner
in the GUI that opens, provide a name for the
custom report being created; enter description for easy identification
of the report
select the type of report out of which you wish
to create the custom report
specify the criteria
based on which the custom report has to be created. Refer
to the example above on specifying the criteria. In case, you want
to specify multiple values for the same
column name, enter the entries in comma separated form. In the
example above, in case, you want to generate the report pertaining to
two departments - Network Administration and
Finance departments, enter the values for the column 'Department'
as Network Administration,Finance.
in case, you want to specify advanced criteria,
edit the control expressions field;
you can specify advanced conditions using expressions. Refer
to the example above for details.
you have the option to control the number and
order of columns to be displayed in the custom report. From "Select Columns" on LHS, choose
the required columns. Use the up, down arrows on the RHS to control the
arrangement of the columns in the report
click "Save"
to save the entries. Click "Generate
Report" to generate the customized report.
Custom Reports - Use Case
By leveraging the power of the custom reports, you can meet many of
your auditing requirements with ease. Following is just one use case:
Exit Audit Report
Continuously assessing the vulnerability with respect to password access
is one of the important auditing requirements. When an administrator,
who had active access to the privileged passwords leaves the organization,
it is imperative to assess the vulnerability. This requires taking a list
of all the passwords that were accessed by the particular user during
a specified time period and then initiate steps to change the passwords.
Taking a report on all the password management operations performed
by the particular administrator during a specified time period, could
serve as 'Exit Audit Report'. Custom reports help you generate a report
to achieve this precisely. All that you need to do is to get the report
out of the 'Resource Audit'.
Specify the time period for the custom report
Select the criteria as 'Operation
Type' contains (C1)
(just leave
the criteria field blank to represent that you want to take a report on
all operations)
'Operated by'
'User A' (C2) who is leaving the
organization
The resultant report will provide you list of password management operations
performed by the particular administrator during the time range specified.
Custom Reports out of 'Resource Audit' and
'User Audit' would prove highly useful as you would be able to meet most
of your auditing requirements by properly leveraging them.
© 2009, ZOHO Corp. All Rights Reserved.