Compliance Auditor Enhancements in 2.3.0-4

  • 7009837
  • 01-Dec-2011
  • 26-Apr-2012

Environment

Privileged User Manager 2.3.0 HF4

Situation

Compliance Auditor Enhancements added in 2.3.0 HF4 (2.3.0-4)

This enhancement adds the following new functionality to the Compliance Auditor:

*  Ability to pull events into the Compliance Auditor based on 'Command Risk Level'
*  Ability to limit which events Framework Users can see in 'Reporting' if Compliance Auditor roles are configured.

Additional Information

The below configuration will use the following names as examples:
User: Manager1
Group: Manager1 Compliance Audit
Group: Reporting-Audit


1. Create a new Group in Framework User Manager called 'Reporting-Audit'. On the roles tab, add the following Module and Role:

Module      Role
audit       command
audit       console
audit       read




2. Create/Edit 'Manager1 Compliance Audit' group in the Framework User Manager. On the roles tab, add the following Module and Role:

Module      Role
audit       Manager1 Compliance Audit
secaudit    Manager1 Compliance Audit
secaudit    audit
secaudit    console
auth        read
audit       report




Note: 'Manager1 Compliance Audit' will NOT be in the drop-down list; you'll need to manually type it into the corresponding roles.

3. Add the desired Framework user (Manager1) as a member of the groups used in step 1 and step 2.

4. Create/edit a Compliance Auditor Rule to pull in events based on the desired 'Command Risk Level':
Home | Compliance Auditor | Audit Rules | 'Manager1 Compliance Audit'





5. Reporting (Home | Reporting): Create a Report called "Manager1 Audit". On the general tab, add the following:

Roles                        Update
Manager1 Compliance Audit    Manager1 Compliance Audit




When a user runs a command that meets your command risk criteria, that event is pulled into the Compliance Auditor only when the audit rule next pulls in events (which in Unit is hourly). Managers will only see the 'risky' events (command risk greater than or equal to 5) pulled into the Compliance Auditor. They can view all other events via the Reporting Console, under their own report. Within the Reporting Console, they won't have rights to change any report but their own. Managers can filter by date, etc. with reporting.