Reporting When a Sensitive Password has been Viewed

As discussed in last week’s blog https://www.clickstudios.com.au/blog/passwordstate-email-notifications-explained/, Passwordstate is designed to keep Security Administrators and users informed when different events take place. Building on from that, we’ll now setup a Scheduled Report that alerts an intended audience of a Password record being viewed within a preset timeframe.

You could look at using this approach for very sensitive password credentials where you want to closely monitor when they are being used and by whom.

Password Record being Reported:

We’re going to use the following account for this blog (don’t worry it’s a fake account). It does however provide an account to report against. We’ve specifically set up a description field that’s meaningful as per the screenshot below;

Setting up the Report:

Next, we’ll setup a Scheduled Report which runs once every 5 minutes.  This report will only generate and send an email if the password for ClickStudiosAccount has been viewed. If no one has viewed the password record then you won’t get an email – so no false positive emails. Note you can schedule the duration for any period of time you like.

First you’ll need to navigate to Reports->Scheduled Reports and click on Add Report as show below;

When creating the report, on the report settings tab give it a Report Name and a Report Description (if you wish), but importantly make sure you CC in a user or a mailbox of your choice in the CC Report To field.  The report will be sent to the person creating the Scheduled Report by default but it will also CC in the mailbox specified.  Ensure you tick the option to not send the report if no results are produced, and choose the report type as Custom Auditing Report:

Next, on the schedule tab, select the frequency of One Time, click on the Generate report and specify a frequency of 5 Minutes as per the screen shot below;

and finally, on the auditing settings tab, select the Password List where the password is located, the Activity Type as Password Viewed, Query Previous for 5 minutes (of auditing activity), and enter the unique value you set in the Description field of the Password record, then click on Save Report;

This report will now run every 5 minutes, and on finding any activities matching the type of Password Viewed will email the person that setup the Scheduled Report as well as the email addresses specified on the CC line.

As always, we welcome your feedback via support@clickstudios.com.au.

Speak Your Mind

*