13-PAM-ADMIN Reports.pdf
Document Details
Uploaded by FancySarod
CyberArk University
Tags
Full Transcript
PAM Administration Reports © 2023 CyberArk Software Ltd. All rights reserved By the end of this lesson, you will be able to: 1. Describe the different types of report...
PAM Administration Reports © 2023 CyberArk Software Ltd. All rights reserved By the end of this lesson, you will be able to: 1. Describe the different types of reports that are available Agenda 2. Describe the permissions required to run different reports 3. Generate various reports using the PVWA and PrivateArk Client 4. Extract data for reports using the Export Vault Data Utility © 2023 CyberArk Software Ltd. All rights reserved Two Types of Reports Reports in CyberArk can be divided into two broad categories: PrivateArk Reports PVWA Reports PrivateArk Reports PVWA Reports Reports that would be of interest to Vault Admins Reports that would be of interest to Auditors License capacity of the system Privileged Accounts Inventory Lists of Users Applications Inventory Active/Non-active Users Privileged Accounts Compliance Status Safes List Entitlement Report Active/Non-active Safes Activity Log © 2023 CyberArk Software Ltd. All rights reserved PrivateArk Client Reports © 2023 CyberArk Software Ltd. All rights reserved Generating PrivateArk Reports Access Reports under the Tools menu in the PrivateArk Client. Access Reports under the Tools menu in the PrivateArk Client. © 2023 CyberArk Software Ltd. All rights reserved License Capacity Report Displays the licensed user types and objects in the Vault, the maximum number of licenses for each, and the number of licenses used. Displays the licensed user types and objects in the Vault, the maximum number of licenses for each, and the number of licenses used. © 2023 CyberArk Software Ltd. All rights reserved User List A list of all users (including disabled) according to location. Active Users/Non-Active Users Reports can be generated for Active or Non-Active users. Safes List A list of all Safes and their properties Active Safes/ Non-Active Safes A list of Safes that either have or have not had activity over a specified time period PVWA Reports © 2023 CyberArk Software Ltd. All rights reserved Access to Reports Reports can be generated by users who belong to the group specified in the ManageReportsGroup parameter, which can be found under Administration → Options → Reports. By default, this is the internal CyberArk PVWAMonitor group and Vault Administrators are typically members of this group. Generating PVWA Reports To generate a report, go to the Reports tab and click on the Generate Report button. Select the Report to Generate Five reports divided into two categories: Operational reports Audit / Compliance reports © 2023 CyberArk Software Ltd. All rights reserved Generating PVWA Reports – Filtering Options Each type of report has differing filtering criteria © 2023 CyberArk Software Ltd. All rights reserved Scheduling PVWA Reports Reports can be run immediately, saved, or scheduled to run on a regular basis Subscribers can be added to receive notifications by email when the report is generated containing a link to the report. © 2023 CyberArk Software Ltd. All rights reserved Report Status You can use the Refresh button to see if your report has been generated. © 2023 CyberArk Software Ltd. All rights reserved Finished Reports Reports can be downloaded in Excel or CSV formats. Privileged Accounts Inventory Report Purpose Provides information about all the accounts in the system. List Accounts and View Safe Members on each Safe included Permissions Required in the report Applications Inventory Report Purpose Provides information about the application IDs in the system. Permissions Required Audit Users in the Vault. Privileged Accounts Compliance Status Report Purpose CPM status for each account (validates compliance with policy). List Accounts in all Safes that are included in the report, as well as Permissions View Audit or Confirm Safe request in Safes that are configured for dual control. Required Membership of the PVWAMonitor group. To run the report for the entire Vault: membership of the Auditors group. Entitlement Report Purpose For each user, the accounts/safes they can access in the system. Permissions Required Either Manage Users or Audit Users Vault Authorization. Activity Log Report Purpose All audit information in the Vault. User-related activities: Audit Users vault authorization. Permissions Required Safe/Account related activities: View Audit for Safes that will be included in the report. Export Vault Data Utility © 2023 CyberArk Software Ltd. All rights reserved CyberArk Export Vault Data Utility The ExportVaultData (EVD) utility exports data from the Vault to text or CSV files. From there, they can be imported into third-party applications or databases for analysis. Custom reports can then be created by third-party tools The EVD utility can be deployed on any server that has access to the Vault The usage is similar to other components © 2023 CyberArk Software Ltd. All rights reserved CyberArk Export Vault Data Utility Installation The installation package that you will receive from CyberArk includes the following: The main utility that retrieves information from the Vault and generates ExportVaultData.exe reports. The Vault parameter file which specifies the Vault where information Vault.ini will be taken. The utility that is used to create the user credentials file that enables the CreateCredFile.exe user that will retrieve information to log onto the Vault. The EVD Utility communicates with the Vault over port 1858 by default © 2023 CyberArk Software Ltd. All rights reserved CyberArk Export Vault Data Utility - Data Here is a sample list of the report data that can be exported. All values exported into the text file are enclosed within quotation marks ( “ ” ) Users List Report Files List Report Groups List Report User and Safe Activities Report Group Members List Report Master Policy Report Safes List Report System Log Report Owners List Report Requests List Report Complete descriptions of all reports can be found in the EVD Implementation Guide © 2023 CyberArk Software Ltd. All rights reserved Summary © 2023 CyberArk Software Ltd. All rights reserved Summary In this session we covered: The types of reports that are available ⎼ Reports generated in PrivateArk Client ⎼ Reports generated in PVWA The permissions required to run the different reports How to generate various reports using the PVWA and the PrivateArk Client How to generate reports using the EVD Utility © 2023 CyberArk Software Ltd. All rights reserved Documentation EVD Documentation Online Training Additional Telemetry Resources You may now complete the following exercises: Reports Generate “Privileged Accounts Inventory” report Generate “Safes List” Report and “Users List” report Generate reports using EVD cyberark.com © 2023 CyberArk Software Ltd. All rights reserved
