powerbroker identity services report book · 2020-07-27 · operating system. compliance report...
TRANSCRIPT
PowerBroker Identity Services
Report Book
Report Book 2 © 2017. BeyondTrust Software, Inc
Table of Contents
Report Title: Access Denied Events ......................................................................................................5
Report Title: Access Privilege Changes .................................................................................................6
Report Title: Access Privilege Daily Changes .........................................................................................7
Report Title: Access Privileges by Computer .........................................................................................8
Report Title: Access Privileges by User .................................................................................................9
Report Title: Account Attribute Inconsistencies .................................................................................. 10
Report Title: Accounts with Old Passwords......................................................................................... 11
Report Title: Active Directory accounts with Time or Computer restrictions ......................................... 12
Report Title: AD User Session Activity Events...................................................................................... 13
Report Title: All Events ...................................................................................................................... 14
Report Title: Audit Failure Events....................................................................................................... 15
Report Title: Audit Service Activity Reports ........................................................................................ 16
Report Title: Audit Success Events ..................................................................................................... 17
Report Title: Cell Access Report ......................................................................................................... 18
Report Title: Computer Access Report ............................................................................................... 19
Report Title: Computers By OS .......................................................................................................... 21
Report Title: Computers By OS (Summary) ......................................................................................... 22
Report Title: Computers By OS Running PBIS Services ......................................................................... 23
Report Title: Computers With Invalid DNS Name ................................................................................ 24
Report Title: Default Cell Access Report ............................................................................................. 24
Report Title: Disabled Accounts ......................................................................................................... 26
Report Title: Error Events .................................................................................................................. 27
Report Title: Failed Console Logon (Active Directory) Events ............................................................... 28
Report Title: Failed Console Logon (Local) Events ............................................................................... 28
Report Title: Failed Domain Join Events.............................................................................................. 29
Report Title: Failed Domain Leave Events ........................................................................................... 30
Report Title: Failed Group Policy Update Events ................................................................................. 31
Report Title: Failed Kerberos Refresh Events ...................................................................................... 32
Report Title: Failed Logon Events ....................................................................................................... 32
Report Title: Failed Password Change Events...................................................................................... 34
Report Book 3 © 2017. BeyondTrust Software, Inc
Report Title: Failed PowerBroker Services Events ............................................................................... 35
Report Title: Failed Smartcard Logon Events....................................................................................... 36
Report Title: Failed SSH Logon (Active Directory) Events ..................................................................... 36
Report Title: Failed SSH Logon (Local) Events...................................................................................... 37
Report Title: Failed Sudo Access Events.............................................................................................. 39
Report Title: Group Access Report ..................................................................................................... 40
Report Title: Group List ..................................................................................................................... 41
Report Title: Group Policy Error Events .............................................................................................. 42
Report Title: Inactive Computers ....................................................................................................... 43
Report Title: Inactive Users ............................................................................................................... 44
Report Title: Inactive Users Over 90 days ........................................................................................... 45
Report Title: Information Events ........................................................................................................ 46
Report Title: Logon Activity Report .................................................................................................... 47
Report Title: Network Status Offline Events........................................................................................ 48
Report Title: Network Status Online Events ........................................................................................ 49
Report Title: PBUL – All Command Activity Events .............................................................................. 49
Report Title: PBUL – All Command Completion Events ........................................................................ 50
Report Title: PBUL – All Events........................................................................................................... 52
Report Title: PBUL Accepted Command Events ................................................................................... 53
Report Title: PBUL Detected Keystroke Events.................................................................................... 54
Report Title: PBUL Finish Failed Events............................................................................................... 55
Report Title: PBUL Finish Successful Events ........................................................................................ 57
Report Title: PBUL Rejected Command Events.................................................................................... 58
Report Title: PowerBroker Access Restriction Changes Reports ........................................................... 60
Report Title: Root Logon Events......................................................................................................... 62
Report Title: Root Logon Failure Events.............................................................................................. 63
Report Title: Root Logon Success Events ............................................................................................ 64
Report Title: Security Policies ............................................................................................................ 65
Report Title: Successful Console Logon (Active Directory) Events......................................................... 67
Report Title: Successful Console Logon (Local) Events ......................................................................... 68
Report Title: Successful Domain Join Events ....................................................................................... 69
Report Title: Successful Domain Leave Events .................................................................................... 70
Report Title: Successful Group Policy Update Events........................................................................... 71
Report Book 4 © 2017. BeyondTrust Software, Inc
Report Title: Successful Kerberos Refresh Events ................................................................................ 72
Report Title: Successful Logon Events ................................................................................................ 73
Report Title: Successful Password Change Events ............................................................................... 74
Report Title: Successful Smartcard Logon Events ................................................................................ 75
Report Title: Successful SSH Logon (Active Directory) Events ............................................................... 76
Report Title: Successful SSH Logon (Local) Events ............................................................................... 77
Report Title: Successful Sudo Access Events ....................................................................................... 78
Report Title: Sudo Command Events .................................................................................................. 79
Report Title: Sudo GPO Settings......................................................................................................... 80
Report Title: System Log Error Events ................................................................................................ 81
Report Title: System Log Information Events ...................................................................................... 82
Report Title: System Log Warning Events ........................................................................................... 83
Report Title: Temporary Accounts ..................................................................................................... 84
Report Title: User Access Report........................................................................................................ 85
Report Title: User List........................................................................................................................ 87
Report Title: Users With Non-Expiring Passwords ............................................................................... 88
Report Title: Warning Events ............................................................................................................. 89
About BeyondTrust........................................................................................................................... 90
Report Book 5 © 2017. BeyondTrust Software, Inc
Report Title: Access Denied Events
REPORT DESCRIPTION:
This report displays all access denied events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
PCI
7.1 – Account access restrictions requirement
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 6 © 2017. BeyondTrust Software, Inc
Report Title: Access Privilege Changes
REPORT DESCRIPTION:
This report displays the account changes by user name and date range.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
IA-2 (Organizational Users)
PCI
7.2 – Account access Restriction Mechanism Requirement
8.5.4 – Terminated employees requirement
SOX Section 404
Monitoring
General Report Categories
Entitlement Report
Report Book 7 © 2017. BeyondTrust Software, Inc
Report Title: Access Privilege Daily Changes
REPORT DESCRIPTION:
This report displays the account changes by user name since 12 AM.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
IA-4 (Identifier Management)
SOX Section 404
Monitoring
General Report Categories
Entitlement Report
Report Book 8 © 2017. BeyondTrust Software, Inc
Report Title: Access Privileges by Computer
REPORT DESCRIPTION:
This report displays accounts by computer and date range.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
IA-3 (Device Identification and Authentication)
PCI
7.1 – Account access restrictions requirement
8.2 – User account authentication methods requirement
SOX Section 404
Monitoring
General Report Categories
Entitlement Report
Report Book 9 © 2017. BeyondTrust Software, Inc
Report Title: Access Privileges by User
REPORT DESCRIPTION:
This report displays account by user name and date range.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
AC-3 (Access Enforcement)
IA-2 (Organizational Users)
PCI
7.1 – Account access restrictions requirement
8.2 – User account authentication methods requirement
SOX Section 404
Monitoring
General Report Categories
Entitlement Report
Report Book 10 © 2017. BeyondTrust Software, Inc
Report Title: Account Attribute Inconsistencies
REPORT DESCRIPTION:
This report displays account with inconsistent multiple identities.
Compliance Report Categories
NIST SP800-53 (FISMA)
IA-4 (Identifier Management)
PCI
8.1 – User accounts with unique IDs requirement
SOX Section 404
Ensure systems security
General Report Categories
Entitlement Report
Report Book 11 © 2017. BeyondTrust Software, Inc
Report Title: Accounts with Old Passwords
REPORT DESCRIPTION:
This report displays information about user accounts with old passwords.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-1 (Access Control Policy and Procedures)
PCI
8.5.9 (Passwords changed every 90 days requirement
General Report Categories
Inventory Reporting
Users
Report Book 12 © 2017. BeyondTrust Software, Inc
Report Title: Active Directory accounts with Time or Computer restrictions
REPORT DESCRIPTION:
This report information about restricted user accounts.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
AC-3 (Access Enforcement)
PCI
8.5.6 (Vendor account access requirement)
General Report Categories
Inventory Reporting
Users
Report Book 13 © 2017. BeyondTrust Software, Inc
Report Title: AD User Session Activity Events
REPORT DESCRIPTION:
This report displays Active Directory user account session initialization and termination activity events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-8 (System Use Notification)
AC-14 (Session Audit)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Events Reporting
Report Book 14 © 2017. BeyondTrust Software, Inc
Report Title: All Events
REPORT DESCRIPTION:
This report displays all events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-3 (Content of Audit Records)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reporting
Report Book 15 © 2017. BeyondTrust Software, Inc
Report Title: Audit Failure Events
REPORT DESCRIPTION:
This report displays all audit failure events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-2 (Auditable Events)
AU-6 (Audit Review, Analysis, and Reporting)
AU-12 (Audit Generation)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Events Reporting
Report Book 16 © 2017. BeyondTrust Software, Inc
Report Title: Audit Service Activity Reports
REPORT DESCRIPTION:
This report displays audit service activity events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-5 (Response to Audit Processing Failures)
AU-12 (Audit Generation)
PCI
10.1 (Auditing: Verify that auditing trails are active requirement)
10.2.6 (Auditing: Service start and stop activity reporting requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Events Reporting
Report Book 17 © 2017. BeyondTrust Software, Inc
Report Title: Audit Success Events
REPORT DESCRIPTION:
This report displays audit success events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-2 (Auditable Events)
AU-6 (Audit Review, Analysis, and Reporting)
AU-12 (Audit Generation)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Events Reporting
Report Book 18 © 2017. BeyondTrust Software, Inc
Report Title: Cell Access Report
REPORT DESCRIPTION:
This report displays PowerBroker cells and the computers, user accounts, and group accounts that are
members in the cell. Duplicate IDs in each cell are also displayed.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-1 (Access Control Policy and Procedures)
AC-2 (Account Management)
AC-3 (Access Enforcement)
AC-5 (Separation of Duties)
AC-6 (Least Privilege)
AC-14 (Permitted Actions without Identification or Authentication)
IA-2 (Organizational Users)
IA-4 (Identifier Management)
SOX Section 404
Ensure systems security
General Report Categories
PowerBroker Identity Services Access Control Reporting
Report Book 19 © 2017. BeyondTrust Software, Inc
Report Title: Computer Access Report
REPORT DESCRIPTION:
This report displays computer information and the user accounts that can access the computer.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-1 (Access Control Policy and Procedures)
AC-2 (Account Management)
AC-3 (Access Enforcement)
AC-14 (Permitted Actions without Identification or Authentication)
IA-2 (Organizational Users)
IA-3 (Device Identification and Authentication)
SOX Section 404
Report Book 20 © 2017. BeyondTrust Software, Inc
Ensure systems security
General Report Categories
PowerBroker Identity Services Access Control Reporting
Report Book 21 © 2017. BeyondTrust Software, Inc
Report Title: Computers By OS
REPORT DESCRIPTION:
This report displays computers joined to Active Directory, grouped by operating system.
Compliance Report Categories
NIST SP800-53 (FISMA)
CM-2 (Baseline Configuration)
CM-8 (Information System Component Inventory)
IA-3 (Device Identification and Authentication)
PCI
10.2.5 (Auditing: Use of identification and authentication mechanisms)
General Report Categories
Inventory reporting
Report Book 22 © 2017. BeyondTrust Software, Inc
Report Title: Computers By OS (Summary)
REPORT DESCRIPTION:
This report displays the number of computers joined to Active Directory that are running PBIS services.
Compliance Report Categories
NIST SP800-53 (FISMA)
CM-2 (Baseline Configuration)
CM-8 (Information System Component Inventory)
PCI
10.2.5 (Auditing: Use of identification and authentication mechanisms)
General Report Categories
Inventory reporting (Computers)
Report Book 23 © 2017. BeyondTrust Software, Inc
Report Title: Computers By OS Running PBIS Services
REPORT DESCRIPTION:
This report displays the computers joined to Active Directory running PBIS services, grouped by operating system.
Compliance Report Categories
NIST SP800-53 (FISMA)
CM-2 (Baseline Configuration)
CM-8 (Information System Component Inventory)
PCI
10.2.5 (Auditing: Use of identification and authentication mechanisms)
General Report Categories
Inventory reporting (Computers)
Report Book 24 © 2017. BeyondTrust Software, Inc
Report Title: Computers With Invalid DNS Name
REPORT DESCRIPTION:
This report displays computers that appear to have an invalid DNS domain name.
General Report Categories
Inventory reporting
Computers
Report Title: Default Cell Access Report
REPORT DESCRIPTION:
This report displays information about the PowerBroker default cell, including: computers, user account,
and groups that are members in the default cell. Duplicate IDs are also included.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
AC-3 (Access Enforcement)
AC-5 (Separation of Duties)
IA-2 (Organization Users)
Report Book 25 © 2017. BeyondTrust Software, Inc
IA-4 (Identifier Management)
SOX Section 404
Ensure systems security
General Report Categories
PowerBroker Identity Services Access Control reporting
Report Book 26 © 2017. BeyondTrust Software, Inc
Report Title: Disabled Accounts
REPORT DESCRIPTION:
This report displays information about disabled user accounts.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
AC-3 (Access Enforcement)
PCI
8.5.4 – Terminated employees requirement
SOX Section 404
Monitoring
General Report Categories
Inventory reporting (Users)
Report Book 27 © 2017. BeyondTrust Software, Inc
Report Title: Error Events
REPORT DESCRIPTION:
This report displays all error events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Events reporting
Report Book 28 © 2017. BeyondTrust Software, Inc
Report Title: Failed Console Logon (Active Directory) Events
REPORT DESCRIPTION:
This report displays Active Directory account logon failures.
Compliance Report Categories
NIST SP800-53 (FISMA)
IA-2 (Organizational Users)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Title: Failed Console Logon (Local) Events
REPORT DESCRIPTION:
This report displays information about failed logon attempts using a local account.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 29 © 2017. BeyondTrust Software, Inc
Report Title: Failed Domain Join Events
REPORT DESCRIPTION:
This report displays domain join failures.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 30 © 2017. BeyondTrust Software, Inc
Report Title: Failed Domain Leave Events
REPORT DESCRIPTION:
This report displays information about domain leave failures.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 31 © 2017. BeyondTrust Software, Inc
Report Title: Failed Group Policy Update Events
REPORT DESCRIPTION:
This report displays Group Policy update failure events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-4 (Information Flow Enforcement)
CM-3 (Configuration Change Control)
CM-6 (Configuration Settings)
PCI
10.2.4 (Auditing: Invalid logical access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 32 © 2017. BeyondTrust Software, Inc
Report Title: Failed Kerberos Refresh Events
REPORT DESCRIPTION:
This report displays information Kerberos refresh attempts that failed.
Compliance Report Categories
PCI
10.2.4 (Auditing: Invalid logical access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Title: Failed Logon Events
REPORT DESCRIPTION:
This report displays logon attempt failures.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-7 (Unsuccessful Login Attempts)
PCI
10.2.4 (Auditing: Invalid logical access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 33 © 2017. BeyondTrust Software, Inc
Report Book 34 © 2017. BeyondTrust Software, Inc
Report Title: Failed Password Change Events
REPORT DESCRIPTION:
This report displays password change attempts on computers.
Compliance Report Categories
PCI
10.2.4 (Auditing: Invalid logical access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 35 © 2017. BeyondTrust Software, Inc
Report Title: Failed PowerBroker Services Events
REPORT DESCRIPTION:
This report displays information about PowerBroker Services events that failed.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-12 (Audit Generation)
PCI
10.2.4 (Auditing: Invalid logical access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 36 © 2017. BeyondTrust Software, Inc
Report Title: Failed Smartcard Logon Events
REPORT DESCRIPTION:
This report displays Smart Card logon failures.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-7 (Unsuccessful Login Attempts)
IA-2 (Organizational Users)
PCI
10.2.4 (Auditing: Invalid logical access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Title: Failed SSH Logon (Active Directory) Events
REPORT DESCRIPTION:
This report displays SSH logon failures using an Active Directory account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-7 (Unsuccessful Login Attempts)
AC-17 (Remote Access)
IA-2 (Organizational Users)
SOX Section 404
Monitoring
Report Book 37 © 2017. BeyondTrust Software, Inc
Report Title: Failed SSH Logon (Local) Events
REPORT DESCRIPTION:
This report displays SSH logon failures using a local account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-7 (Unsuccessful Login Attempts)
AC-17 (Remote Access)
IA-2 (Organizational Users)
SOX Section 404
Monitoring
Report Book 38 © 2017. BeyondTrust Software, Inc
Report Book 39 © 2017. BeyondTrust Software, Inc
Report Title: Failed Sudo Access Events
REPORT DESCRIPTION:
This report displays Sudo access failures on computers.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
AC-7 (Unsuccessful Login Attempts)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 40 © 2017. BeyondTrust Software, Inc
Report Title: Group Access Report
REPORT DESCRIPTION:
This report displays Active Directory groups and the PowerBroker cells where they are members.
Report Book 41 © 2017. BeyondTrust Software, Inc
Report Title: Group List
REPORT DESCRIPTION:
This report displays all Active Directory groups and the group members.
Report Book 42 © 2017. BeyondTrust Software, Inc
Report Title: Group Policy Error Events
REPORT DESCRIPTION:
This report displays Group Policy errors.
Compliance Report Categories
SOX
Monitoring
General Report Categories
Inventory reporting
Group Policy Objects
PowerBroker Event Reporting
Report Book 43 © 2017. BeyondTrust Software, Inc
Report Title: Inactive Computers
REPORT DESCRIPTION:
This report display inactive computers. Inactivity is based on passwords not changed after more than 90
days.
Compliance Report Categories
NIST SP800-53 (FISMA)
IA-3 (Device Identification and Authentication)
General Report Categories
Inventory
Computers
Report Book 44 © 2017. BeyondTrust Software, Inc
Report Title: Inactive Users
REPORT DESCRIPTION:
This report displays inactive user accounts within the last 90 days.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
PCI
8.5.4 (Terminated employees requirement)
General Report Categories
Inventory
Users
Report Book 45 © 2017. BeyondTrust Software, Inc
Report Title: Inactive Users Over 90 days
REPORT DESCRIPTION:
This report displays inactive user accounts (no activity for more than 90 days).
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
PCI
8.5.5 (No inactive account over 90 days old requirement
General Report Categories
Inventory
Users
Report Book 46 © 2017. BeyondTrust Software, Inc
Report Title: Information Events
REPORT DESCRIPTION:
This report display events that are Information only.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 47 © 2017. BeyondTrust Software, Inc
Report Title: Logon Activity Report
REPORT DESCRIPTION:
This report displays the number of logon activities.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
AU-14 (Session Audit)
IA-2 (Organizational Users)
PCI
8.2 (User account authentication methods requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 48 © 2017. BeyondTrust Software, Inc
Report Title: Network Status Offline Events
REPORT DESCRIPTION:
This report displays network status offline events.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 49 © 2017. BeyondTrust Software, Inc
Report Title: Network Status Online Events
REPORT DESCRIPTION:
This report displays online network status events.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Title: PBUL – All Command Activity Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers accepted commands from master host computers.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
Report Book 50 © 2017. BeyondTrust Software, Inc
Report Title: PBUL – All Command Completion Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers accepted commands that completed from master host
computers.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
Report Book 51 © 2017. BeyondTrust Software, Inc
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
Report Book 52 © 2017. BeyondTrust Software, Inc
Report Title: PBUL – All Events
REPORT DESCRIPTION:
This report displays PowerBroker events, including accept, reject events from the master host computer.
Compliance Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
Report Book 53 © 2017. BeyondTrust Software, Inc
Report Title: PBUL Accepted Command Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers accepted commands from master host computers.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
Report Book 54 © 2017. BeyondTrust Software, Inc
Report Title: PBUL Detected Keystroke Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers keystroke events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Report Book 55 © 2017. BeyondTrust Software, Inc
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
Report Title: PBUL Finish Failed Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers events that failed to finish.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
Report Book 56 © 2017. BeyondTrust Software, Inc
Report Book 57 © 2017. BeyondTrust Software, Inc
Report Title: PBUL Finish Successful Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers events that completed successfully.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
Report Book 58 © 2017. BeyondTrust Software, Inc
Report Title: PBUL Rejected Command Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers commands that were run on the master host but were
rejected.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Report Book 59 © 2017. BeyondTrust Software, Inc
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
Report Book 60 © 2017. BeyondTrust Software, Inc
Report Title: PowerBroker Access Restriction Changes Reports
REPORT DESCRIPTION:
This report displays PowerBroker access restriction changes events. For example, shows ‘require-
membership-of’ setting changes.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
CM-5 (Access Restrictions for Change)
PCI
7.2 (Account Access Restriction Mechanism Requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 61 © 2017. BeyondTrust Software, Inc
Report Book 62 © 2017. BeyondTrust Software, Inc
Report Title: Root Logon Events
REPORT DESCRIPTION:
This report displays logon events for the root account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-14 (Session Audit)
PCI
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 63 © 2017. BeyondTrust Software, Inc
Report Title: Root Logon Failure Events
REPORT DESCRIPTION:
This report displays information about the logon failures for the root account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-14 (Session Audit)
PCI
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 64 © 2017. BeyondTrust Software, Inc
Report Title: Root Logon Success Events
REPORT DESCRIPTION:
This report displays information about logon successes for the root account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-14 (Session Audit)
PCI
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 65 © 2017. BeyondTrust Software, Inc
Report Title: Security Policies
REPORT DESCRIPTION:
This report displays information about GPOs.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-1 (Access Control Policy and Procedures)
AC-2 (Account Management)
AC-3 (Access Enforcement)
AC-5 (Separation of Duties)
AC-8 (System Use Notification)
AC-14 (Permitted Actions without Identification or Authentication)
AC-16 (Security Attributes)
AU-4 (Audit Storage Capacity)
AU-12 (Audit Generation)
CM-2 (Baseline Configuration)
CM-3 (Configuration Change Control)
CM-6 (Configuration Settings)
CM-7 (Least Functionality)
PCI
8.2 (User account authentication methods requirement)
8.5.9 (Passwords changed every 90 days requirement)
8.5.10 (Passwords at least 7 characters long requirement)
8.5.11 (Passwords contain both alphabet and numeric characters requirement)
8.5.12 (Passwords cannot be the same as four previously used requirement)
8.5.13 (User account lockout after 6 invalid logon attempts requirement)
8.5.14 (User account lockout for 30 minutes or until admin resets account requirement)
8.5.15 (System idle timeout locks system after 15 minutes requirement
Report Book 66 © 2017. BeyondTrust Software, Inc
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Ensure systems security
General Report Categories
Inventory
Group Policy Objects
Report Book 67 © 2017. BeyondTrust Software, Inc
Report Title: Successful Console Logon (Active Directory) Events
REPORT DESCRIPTION:
This report displays information about successful logon events to the BeyondTrust console using an
Active Directory account.
Compliance Report Categories
NIST SP800-53 (FISMA)
IA-2 (Organizational Users)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 68 © 2017. BeyondTrust Software, Inc
Report Title: Successful Console Logon (Local) Events
REPORT DESCRIPTION:
This report displays information about successful logon events to the BeyondTrust console using a local
account.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 69 © 2017. BeyondTrust Software, Inc
Report Title: Successful Domain Join Events
REPORT DESCRIPTION:
This report displays domain join events that succeed.
Compliance Report Categories
NIST SP800-53 (FISMA)
CM-8 (Information System Component Inventory)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 70 © 2017. BeyondTrust Software, Inc
Report Title: Successful Domain Leave Events
REPORT DESCRIPTION:
This report displays domain leave events that succeed.
Compliance Report Categories
NIST SP800-53 (FISMA)
CM-8 (Information System Component Inventory)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 71 © 2017. BeyondTrust Software, Inc
Report Title: Successful Group Policy Update Events
REPORT DESCRIPTION:
This report displays GPO updates that succeeded on computers.
Compliance Report Categories
NIST SP800-53 (FISMA)
CM-6 (Configuration Settings)
PCI
10.2.4 (Auditing: Invalid logical access attempts to systems requirement)
SOX Section 404
Monitoring
General Report Categories
Group Policy Objects
PowerBroker Event Reports
Report Book 72 © 2017. BeyondTrust Software, Inc
Report Title: Successful Kerberos Refresh Events
REPORT DESCRIPTION:
This report displays Kerberos refresh events that succeeded.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 73 © 2017. BeyondTrust Software, Inc
Report Title: Successful Logon Events
REPORT DESCRIPTION:
This report displays logon events that succeeded.
Compliance Report Categories
PCI
7.1 (Account access restrictions requirement)
10.2.4 (Auditing: Invalid logical access attempts to systems requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 74 © 2017. BeyondTrust Software, Inc
Report Title: Successful Password Change Events
REPORT DESCRIPTION:
This report displays password changes that succeeded for computers in the selected OU.
Compliance Report Categories
PCI
10.2.4 (Auditing: Invalid logical access attempts to systems requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 75 © 2017. BeyondTrust Software, Inc
Report Title: Successful Smartcard Logon Events
REPORT DESCRIPTION:
This report displays SmartCard logon events that succeeded.
Compliance Report Categories
NIST SP800-53 (FISMA)
IA-2 (Organizations Users)
PCI
7.1 (Account access restrictions requirement)
10.2.4 (Auditing: Invalid logical access attempts to systems requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 76 © 2017. BeyondTrust Software, Inc
Report Title: Successful SSH Logon (Active Directory) Events
REPORT DESCRIPTION:
This report displays SSH logon attempts that succeeded using an Active Directory account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-17 (Remote Access)
IA-2 (Organizational Users)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 77 © 2017. BeyondTrust Software, Inc
Report Title: Successful SSH Logon (Local) Events
REPORT DESCRIPTION:
This report displays SSH logon attempts that succeeded using a local account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-17 (Remote Access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 78 © 2017. BeyondTrust Software, Inc
Report Title: Successful Sudo Access Events
REPORT DESCRIPTION:
This report displays Sudo access attempts that succeeded.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-4 (Information Flow Enforcement)
AU-14 (Session Audit)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 79 © 2017. BeyondTrust Software, Inc
Report Title: Sudo Command Events
REPORT DESCRIPTION:
This report displays all Sudo command events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-4 (Information Flow Enforcement)
AU-14 (Session Audit)
PCI
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 80 © 2017. BeyondTrust Software, Inc
Report Title: Sudo GPO Settings
REPORT DESCRIPTION:
This report displays the GPOs where Sudo commands are used.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
AC-5 (Separation of Duties)
AC-6 (Least Privilege)
AC-14 (Permitted Actions with Identification and Authentication)
AC-16 (Security Attributes)
CM-2 (Baseline Configuration)
CM-5 (Access Restrictions for Change)
CM-6 (Configuration Settings)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
General Report Categories
Inventory
Group Policy Objects
Report Book 81 © 2017. BeyondTrust Software, Inc
Report Title: System Log Error Events
REPORT DESCRIPTION:
This report displays System Log error events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 82 © 2017. BeyondTrust Software, Inc
Report Title: System Log Information Events
REPORT DESCRIPTION:
This report displays System Log Information events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 83 © 2017. BeyondTrust Software, Inc
Report Title: System Log Warning Events
REPORT DESCRIPTION:
This report displays System Log Warning events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 84 © 2017. BeyondTrust Software, Inc
Report Title: Temporary Accounts
REPORT DESCRIPTION:
This report displays information for temporary accounts, including expiry date for the account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Temporary Accounts)
IA-2 (Organizational Users)
PCI
8.5.6 (Vendor account access requirement)
General Report Categories
Inventory
Users
Report Book 85 © 2017. BeyondTrust Software, Inc
Report Title: User Access Report
REPORT DESCRIPTION:
This report displays Active Directory user accounts and whether the account is activated in a
PowerBroker cell.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-1 (Access Control Policy and Procedures)
AC-3 (Access Enforcement)
AC-14 (Permitted Actions without Identification or Authentication)
IA-2 (Organizational Users)
PCI
8.1 (Users account with unique IDs requirement)
8.5.6 (Vendor account access requirement)
SOX Section 404
Ensure systems security
General Report Categories
Inventory
Users
PowerBroker Access Control Reports
Report Book 86 © 2017. BeyondTrust Software, Inc
Report Book 87 © 2017. BeyondTrust Software, Inc
Report Title: User List
REPORT DESCRIPTION:
This report displays all Active Directory user accounts.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
IA-2 (Organizational Users)
IA-4 (Identifier Management)
General Report Categories
Inventory
Users
Report Book 88 © 2017. BeyondTrust Software, Inc
Report Title: Users With Non-Expiring Passwords
REPORT DESCRIPTION:
This report displays all Active Directory user accounts where passwords will not expire.
Compliance Report Categories
PCI
8.5.9 (Passwords changed every 90 days requirement)
General Report Categories
Inventory
Users
Report Book 89 © 2017. BeyondTrust Software, Inc
Report Title: Warning Events
REPORT DESCRIPTION:
This report displays all Warning events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Book 90 © 2017. BeyondTrust Software, Inc
About BeyondTrust
BeyondTrust is a proven leader with more than 25 years of experience. More than half of the
companies listed on the Dow Jones, eight of the 10 largest banks, seven of the 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies rely on
BeyondTrust to secure their enterprise.
Visit www.beyondtrust.com
• Read more about our products, solutions and awards
• Download evaluation versions of our products
Contact us at 1.800.234.9072 or email us at [email protected] We can provide security advice, full-featured evaluation, pilots, and appliance trials
Visit our Resource Center for video demonstrations, webinars, events & free trials
www.beyondtrust.com/Home/Resources