
InTrust 11.4.2 - InTrust Reports

Report Pack for Solaris

This section contains a list of reports included in the InTrust 11.4.2 Report Pack for Oracle.

Administrative Activity

Configuration Files Modification

Configuration files modifications

This InTrust report shows instances of plain text file modification. This lets you find out whether changes were made to particular Solaris configuration files. The report displays when strings were added or removed, but does not include the actual changes. If a line was modified, the report treats this as a combination of line deletion and line addition.

Group management

This InTrust report shows instances of group creation and deletion for Solaris. The Solaris Accounts Monitoring data source should be configured to generate this report. Click the Details link for a particular group to see the details of the group management action in a sub-report.

Group membership management

This InTrust report shows instances of members being added to groups and removed from groups for Solaris. The Solaris Accounts Monitoring data source should be configured to generate this report. You can organize information in several ways for convenient analysis.

User management

This InTrust report shows instances of user account creation and deletion for Solaris. The Solaris Accounts Monitoring data source should be configured to generate this report. Click the Details link for a particular user to see the details of the user management action in a sub-report.

chmod command usage

This InTrust report shows usage of the chmod command, which changes file modes. Tracking this activity can provide useful information from a security standpoint.

chown command usage

This InTrust report shows usage of the chown command, which changes the owner of a file. Tracking this activity can provide useful information from a security standpoint.

passwd command usage

This InTrust report shows usage of the passwd command, which changes a user's password. Tracking this activity can provide useful information from a security standpoint (for example, during security incident investigations).

Forensic Analysis

All Solaris Audit Log events

Solaris Audit Log events
Solaris Syslog Events

This InTrust form helps you perform detailed analysis of security events in your Solaris environment.

REQUIREMENT InTrust 9.6

Normal User Activity

Logins

Failed logins

This InTrust report shows statistics on failed logins by all users. Click a number in the report to view details of the logins.

Successful logins

This InTrust report shows statistics on successful logins by all users. Click a number in the report to view details of the logins.

File access

This InTrust report shows details of file access attempts. Failed Click a Details link to view a sub-report with details of the relevant event.

Process execution

This InTrust report shows process execution data based on the exec() and execve() system calls.

su command usage

This InTrust report helps track the use of the su command. For each host, it shows the following information: date and time the command was used, audit user and real user who issued the command, and the corresponding Solaris Audit log message.

User sessions

This InTrust report shows details of user sessions, from login to logout, and lets you discover particular users' activity patterns.

 
