Jump to content

Azkabahn

Members
  • Content Count

    153
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by Azkabahn

  1. @SGauvin i think it's easier to put a proper health checks on your backend and then visualize in Grafana or any other similar systems. Next step would be to add alerting based on triggers. Also - put a dynamic DNS load balancer in front so you could easily switch between primary instance and HA. We have built all of it and we do PasswordState upgrades with 0 downtime.
  2. Azkabahn

    New Permissions Report requested

    +1 Also it is difficult to understand the situation where a user is duplicated many times when you look at the permission list. For example: User A has modify permissions for Record A User A has view permissions for Record B I will have the same user displayed 3 times: 2 for above permissions, 1 record under the guest column. Perhaps it would be possible to separate such views? One for password list level, second for individual records?
  3. Azkabahn

    Password viewed emails to list admins only?

    +1 from me as well
  4. Azkabahn

    ELK and PasswordState

    Hi, i would like to start this thread to get some insights if any of the other customers are using external syslog server to ship the logs from PasswordState. I am using ELK stack. Currently i am trying to create custom filters in Kibana to filter out the logs from PasswordState. I have the question, does the PasswordState always include "Passwordstate" value in the logs that are being sent to syslog server? host:X.X.X.X @timestamp:September 12th 2017, 17:17:29.728 @version:1 message:<110>2017-09-12 16:15:52 X.X.X.X Passwordstate: Failed 'Forms Based' login attempt for UserID 'n.lastname' from the IP Address 'X.X.X.X'. Client IP Address = X.X.X.X _id:AV_aAXYurEipAt82YaPZ _type:logs _index:%{type}-2017.11.20 _score: - Feature Request - it would be great to have support for TCP ports
  5. Azkabahn

    External user access

    I will put my +1 as well. We get into similar situations where it's better to use PasswordState to expose temporary login info to outsources than some other external tool.
  6. Azkabahn

    Report: Password lists (and/or folders?) without admins

    Hi, used this SQL query for several times. I would put +1 for this feature to have it in the reporting. I would improve with the additional column indicating the number of records in the password list.
  7. Hi, I would like to propose to split auditing table in the backend into two tables. Not sure if other customers complain or have a huge load on PasswordState, but I tend to see that such feature would be beneficial. We have a lot of integration with CI/CD (Continuous integration / continuous delivery) tools via API and WinAPI. I am aware of the flag (PreventAuditing) that can be appended to the API calls in order not to leave traces in the audit log. I must say this should not be an option at all it's very complicated to do forensics or analyze if someone scraped all the password list with such flag. This leaves to another point. By having regular logs and API logs in one table, it reflects on UI performance. Also, what is the point for a regular user to see in the "recent activity grid" logs about API calls? Probably none, a user just want to have a glimpse into what's going on. Knowledge and understanding of what is API, in general, indicates that a person has a technical background. This means he/she will know where or how to find audit logs regarding API.
  8. Azkabahn

    Multible Tabs

    Hi, so now it is possible to enable multiple tabs? I cannot seem to find it. I have V8.4 (Build 8411)
  9. Hi, I have asked this quite some time ago and you said to wait for 2-3 months. I thought I will wait for more and perhaps now it's time to ask again :) Would you consider to implement WinAPI access permissions per individual record in the password list?
  10. Hi, I randomly uploaded a new icon expecting that there is an autoscaling implemented, but it's not I think it's small fix and it will avoid manually fixing all images to be 20x20
  11. Azkabahn

    Autoscaling icon on upload

    Of course, there is no problem for that. I thought I will just point this out in case it wasn't
  12. Azkabahn

    Autoscaling icon on upload

    Interesting... Perhaps then there could be a button that scales the image to default size - 20x20px. I cannot come up with the case where someone wants to have an image over 40x40px OR something I have posted. It's doesn't look good from UI/UX perspective.
  13. Azkabahn

    Adding host via api and account discovery

    Thanks for a suggestion, but I'm not allowing "client" to access passwords, it is only able to add himself to Hosts Probably I'll need to live with searching by IP at least for some time, keep in mind that any field that is inherited from Host ---> password would be appreciated in future releases
  14. Hello, We are adding Linux hosts via API, however I have couple of concerns. Why passwordstate doesn't use "IP" field in host object ? It is trying to use "Hostname" when connecting to discover accounts. Maybe with windows is less likely to have hostname without fqdn, however often linux systems does have hostname that can not be resolved, more reliable way would be to use its IP instead of hostname, don't you think so ? Also, It is strange why after account discovery, password is being created with "HostName" or "UserName" variables only, host has field "Title" but no way to use it during discovery. tldr: 1. Can passwordstate use IP(internal/external) field for communication with hosts instead of "HostName"? 2. Can passwordstate inherit more variables, so I would be able to specify "Title" from Host object to be inserted into password object upon discovery 3. Is there any way that I could trigger account discovery(password change) immediately after host is added ? With current setup, it is not enough to run it once a day (new host will hang there with "default" password and no records of accounts on that server until Discovery job will start.
  15. Azkabahn

    Adding host via api and account discovery

    Just a quick thought, we are fine even if "HostName" will be added in password notes, that works too (since password state will be able to find that particular password using hostname and/or IP)
  16. Azkabahn

    Adding host via api and account discovery

    Sure, I know, I have done this before, however then I have issue that discovered account is saved with "IP" as Hostname/Title which is not that cool also, I mean usually users will search for a password using hostname of machine. So basically there would be 2 solutions for this issue. 1. Make it possible for Discovery job to use "Internal/external IP" field on account discovery (I guess not gonna happen ) 2. Make Discovery Job "append" Title field from host to password object (so you would be able to search for a password using hostname OR IP address)
  17. Azkabahn

    Adding host via api and account discovery

    This is what I was asking, It was strange for me to have IP field and would be not able to use it, sure we have DNS records, however it is not most reliable thing when you are managing thousands of hosts. If I understood you right, there is no way to use that field, only fqdn (hostname) that can be resolved ? I see, idea was not to give "Host/client" any access to password lists, only it should be able to create host object. It will not be the case I guess.. Thanks for the suggestions, will try to figure it out somehow
  18. Azkabahn

    Adding host via api and account discovery

    And if possible, could you explain a bit more about this. AFAIK, there is not such thing implemented in API calls, so somehow I should track/catch events on passwordstate itself ? Any example how it can be done ?
  19. Azkabahn

    Adding host via api and account discovery

    Well, doesn't look like this, If I add Hostname instead of IP, heartbeat fails instantly. And this is how host definition looks like And trying to discover accounts results in: p.s Discovery script uses exact variable: $success = $ssh.Connect($HostName, $Port) Sorry if I'm not right, Powershell isn't my thing
  20. Azkabahn

    API Auditing Enhancement

    +1 point to this as well. This is related to what i just recently posted
  21. Hi, do you plan on improving/introducing a bit easier reporting of permissions that exists within password list and for individual records? I am aware of scheduled reports and available options in the administration area, but it doesn't make it easier when it comes to access review or understanding who and what access has. A couple of issues to illustatre: If I go to Administration -> Reporting -> "Report Name: What permissions exist (all users and security groups)?". I select a password list that I want to view, then select a filter (Guest = NotIsEmpty). I get a couple of users with Guest permissions in the Password List, but then I have to manually do the analytics and figure it out what permissions they have for the individual record. A similar situation from the simple user perspective. A user with 500 records in the password list, when you click on "View Password List Permissions" it is basically impossible to easily get a full picture of who has which permission
  22. Azkabahn

    What permissions exist reporting

    Of course. I will try to make some UI samples/suggestions
×