
InTrust 11.6.1 - Preparing for Auditing Privilege Manager for Sudo

Privilege Manager for Sudo Auditing Overview

In enterprises, One Identity Privilege Manager for Sudo helps administer sudo and manage privileged access through sudo in order to meet the highest compliance and security requirements. Comprehensive auditing of privileged access through sudo across all of the systems managed by Privilege Manager for Sudo is vital for raising individual accountability and achieving the compliance goals set by external regulations and internal security policy requirements. InTrust complements the auditing capabilities of Privilege Manager for Sudo by collecting the logs it produces and building reports based on the collected log data.

To integrate InTrust with Privilege Manager for Sudo, use the InTrust Knowledge Pack for One Identity Privilege Manager for Sudo that is provided.

Benefits of Using InTrust

When integrated with Privilege Manager for Sudo, InTrust brings new, powerful means of automating and streamlining your auditing workflow:

  • Long-term data storage, archival, and backup. With InTrust, you can use file-based repositories to store Privilege Manager for Sudo logs in a compressed form for any period of time and extract events from the repository for ongoing reporting needs. These features help organizations comply with external regulations and internal policies.
  • Exploration and representation of Privilege Manager for Sudo logs in InTrust Repository Viewer with the following benefits:
    • Quick and interactive full-text search
    • Fields detection and field-based search
    • Grouping, sorting and charting of information
  • Consolidation of various log sources to allow comprehensive analysis of privileged user activity, such as:
    • Logon events from Windows DCs and logon session events from Windows workstations
    • Events from native logs residing on UNIX/Linux hosts managed by Privilege Manager for Sudo
    • Changes to Active Directory, File Systems, Exchange objects and other infrastructure components and IT data captured by the Change Auditor family of products.

The following figure shows how Privilege Manager for Sudo and InTrust work together:

 

How Integration Works

Communication between the components takes place as follows:

  1. The InTrust agent installed on the Privilege Manager for Sudo master host transmits all Syslog events from the host to the InTrust default repository.
  2. Privilege Manager for Sudo events in the InTrust Repository are normalized into a common representation that does not require expert knowledge of the events.
  3. As a result, data from Privilege Manager for Sudo can be tracked using any of the following:
    • Repository Viewer (for ad-hoc searches and forensic analysis)
    • Knowledge Portal (for interactive and schedule-based reporting)

Getting Started
