Auditing & Reporting
Does PrivX support both automated and manual usage reporting?
Usage information can be reviewed via the UI. The API suite can be used to export data to CSV, either for analysis or for further manipulation when generating specific reports.
Does the solution support the definition of retention times for various recording or logging features?
The retention of recordings and logs is by default set to 180 days but is fully configurable.
How does PrivX create log data on user access to target hosts?
By default, the audit events end up in the file /var/log/messages. CEF uses LOCAL6 for logging.
How do you see which user (identity) has accessed the host in host log data?
When using certificate-based authentication, the user identity is logged in the sshd logs on the target host. For example, when PrivX user 'superuser' logs in to the target host as 'ec2-user', /var/log/secure on the target host logs it as follows:
Sep 17 07:15:07 ip-172-31-49-149 sshd[21275]: Accepted publickey for ec2-user from 195.20.116.1 port 3403 ssh2: RSA-CERT ID superuser@127.0.0.1:43836 serial 1059239823051326577 (serial 1059239823051326577) CA RSA SHA256:OmlS4VhEqBoGpm9AzgSYrvOaGSJyfot3Zf2ANMoY9So
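The following Python is an added example, not taken from PrivX or its documentation. It parses sshd "Accepted" lines like the one above, extracts the target account, certificate key ID, serial and CA fingerprint, and lists accepted logins that carry no certificate identity. Taking the identity as the key ID text before '@' is an assumption based on the example line, and the second and third sample lines are constructed.

```python
import re

# sshd "Accepted <method> for <account> from <ip> port <n> ssh2" with an
# optional certificate suffix. Newer OpenSSH versions also print the
# certificate key fingerprint between "<TYPE>-CERT" and "ID", so it is optional.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<account>\S+) "
    r"from (?P<src_ip>\S+) port (?P<src_port>\d+) ssh2"
    r"(?:: (?P<key_type>\S+-CERT)(?: \S+)? ID (?P<key_id>.+?) "
    r"\(serial (?P<serial>\d+)\) CA (?P<ca_type>\S+) (?P<ca_fp>\S+))?"
)

def parse_accepted(line):
    """Return a dict describing an accepted login, or None for other lines."""
    m = ACCEPTED.search(line)
    if not m:
        return None
    event = m.groupdict()
    key_id = event["key_id"]
    # Assumption: the identity is the key ID text before '@', as in the
    # example above ('superuser' in 'superuser@127.0.0.1:43836 ...').
    event["identity"] = key_id.split("@", 1)[0] if key_id else None
    return event

def logins_without_identity(lines):
    """Accepted logins with no certificate, so no user identity in the log."""
    events = filter(None, map(parse_accepted, lines))
    return [e for e in events if e["identity"] is None]

# First line is the example from this page; the other two are constructed.
SAMPLE = [
    "Sep 17 07:15:07 ip-172-31-49-149 sshd[21275]: Accepted publickey for "
    "ec2-user from 195.20.116.1 port 3403 ssh2: RSA-CERT ID "
    "superuser@127.0.0.1:43836 serial 1059239823051326577 "
    "(serial 1059239823051326577) CA RSA "
    "SHA256:OmlS4VhEqBoGpm9AzgSYrvOaGSJyfot3Zf2ANMoY9So",
    "Sep 17 07:18:42 ip-172-31-49-149 sshd[21290]: Accepted publickey for "
    "ec2-user from 203.0.113.7 port 50022 ssh2: RSA SHA256:CONSTRUCTED",
    "Sep 17 07:20:11 ip-172-31-49-149 sshd[21301]: Accepted password for "
    "ec2-user from 203.0.113.7 port 50100 ssh2",
]

if __name__ == "__main__":
    for event in map(parse_accepted, SAMPLE):
        print(event["identity"], "->", event["account"], "via", event["method"])
    for event in logins_without_identity(SAMPLE):
        print("no identity:", event["account"], event["src_ip"], event["method"])
```

Logins reported by `logins_without_identity` reached the target account without a certificate, so the host log alone cannot attribute them to a user.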
Can PrivX monitor which files were transferred?
Yes, the audit logs include file transfer events, which record the filename and who transferred the file. With auditing enabled, you may also download the transferred files.