This chapter describes typical situations in a production environment and how InTrust with the TPAM Knowledge Pack helps you handle them, as follows:
This section assumes that you are familiar with InTrust repositories and Repository Viewer. For detailed information on browsing InTrust repositories with Repository Viewer, refer to Understanding InTrust Repositories and Searching for Events in Repository Viewer.
Suppose that, for a security reason, you need to check whether, and if so when, a specific user had access to a particular host through a TPAM session. Provided that you have configured TPAM and InTrust intercommunication as described in the Getting Started topic, you can solve this task as follows:
One of the greatest benefits of using InTrust in your environment is that you get the ability to consolidate various log sources and view them in InTrust Repository Viewer.
Information on user and admin activity from TPAM complements information from other sources, such as events from the Active Directory domain controllers where TPAM users reside, user session events tracked on workstations, or any other sources supported by InTrust for log collection. Combining these information sources gives you a complete trace of user activity in your environment.
Suppose you need to correlate Syslog events from TPAM with events from the Windows event log to completely track the activity of a particular user in your environment, such as
For that purpose, you can create a custom Search Folder in InTrust Repository Viewer that includes all necessary data sources, and use the Who field from Normalized Strings, as well as any other filter parameters, as follows:
Now you can track when the selected users log on to their Windows computers, when they access TPAM, and which activities they perform through TPAM.