One Identity Privilege Manager for Sudo Auditing Overview
In enterprises One Identity Privilege Manager for Sudo helps administer Sudo and manage privileged access through sudo in order to meet highest compliance and security requirements. Providing comprehensive auditing of privileged access through sudo across all of the systems managed by Privilege Manager for Sudo is vital for raising individual accountability and achieving compliance goals set by external regulations and internal security policy requirements. InTrust complements Privilege Manager for Sudo auditing capabilities by collecting logs produced by Privilege Manager for Sudo and building reports based on collected log data.
To integrate InTrust with Privilege Manager for Sudo, use the InTrust Knowledge Pack for One Identity Privilege Manager for Sudo that is provided.
Benefits of Using InTrust
When integrated with Privilege Manager for Sudo, InTrust brings new, powerful means of automating and streamlining your auditing workflow:
- Long-term data storage, archival, and backup. With InTrust, you can use file-based or Centera-based repositories to store Privilege Manager for Sudo logs in a compressed form for any period of time; extract events from the repository for on-going reporting needs. These features help organizations comply with external regulations and internal policies.
- Exploration and representation of Privilege Manager for Sudo logs in InTrust Repository Viewer with the following benefits:
- Quick and interactive full-text search
- Fields detection and field-based search
- Grouping, sorting and charting of information
- Consolidation of various log sources to allow comprehensive analysis of privileged users activity, such as
- Logon events from Windows DCs and logon session events from Windows workstations
- Events from native logs residing on UNIX/Linux hosts managed by Privilege Manager for Sudo
- Changes to Active Directory, File Systems, Exchange objects and other infrastructure components and IT data captured by the Change Auditor family of products.
The following figure shows how Privilege Manager for Sudo and InTrust work together:
How Integration Works
Communication between the components takes place as follows:
- InTrust agent installed on Privilege Manager for Sudo master host transmits all Syslog events from the host to InTrust default repository.
- Privilege Manager for Sudo events in InTrust Repository events in InTrust Repository are normalized into a common representation not requiring expert knowledge of events.
- As a result, data from Privilege Manager for Sudo can be tracked using any of the following:
- Repository Viewer (for ad-hoc searches and forensic analysis)
- Knowledge Portal (for interactive and schedule based reporting)
Getting Started
- Step 1. Install InTrust with Privilege Manager for Sudo Knowledge Pack
- Step 2. Install the Agent
- Step 3. Establish a Connection with InTrust Server
- Step 4. Add Agent to Site on InTrust Server
- Step 5. Enable Schedule for Daily Collection Task
- Step 6. Run Daily Collection Task
- Step 7. Run Weekly Reporting Task