Auditor Manual
Introduction
The Auditor role shares the same graphical interface as the Administrator and has access to the same information available to Administrators. However, the key difference is that Auditors are restricted from making any changes to the system. They are unable to perform actions such as deleting, modifying, or connecting to a PAM target.
This document provides an overview of the specific information that an Auditor can view. For more detailed instructions regarding the complete functionality of the interface, please refer to the Administrator manual. Since Administrators have all the capabilities of Auditors, this manual will focus on the unique limitations and viewing permissions of the Auditor role.
The Auditor dashboard has the same layout of sections as the Administrator dashboard:
- Management: Profile, Users, Actions, Tokens, PAM, Identity Stores, Tenants, Geofences
- SAML: Service Providers, Identity Provider
- Security: OAuth Clients, Security Policies, Network Policy, Password Rotation Policy
- Insights: Statistics
- Others: Settings, About
Figure 1. Auditor Dashboard Overview
Management
Management - Profile
See the User manual and the Administrator manual.
Management - Users
Users
Auditors can see the list of invited users with general information. However, they cannot perform actions in the Actions column, such as deleting users.
Figure 2. Users list overview
Invitations
Auditors can see the list of invitations sent to users with general information. The action they can perform is “copy invitation link to clipboard”. They cannot “reinvite a user” or “delete an invitation”.
Figure 3. Invitations list overview
Groups
Auditors cannot perform any actions such as duplicating, deleting, or editing a group. However, they can click on each group to see the group details.
Figure 4. Groups list overview
Management - Actions, Tokens
Auditors have the same functionality as Administrators and Users. Refer to the User manual and the Administrator manual.
Management - PAM
Targets
Auditors can only perform the action “View target details”, while Administrators can access, edit, duplicate, and delete targets.
Figure 5. PAM targets overview
Groups
Auditors can only click on a group to see its details. No actions are available to them in the Action column.
Figure 6. No actions possible in the Action column for Auditors
Sessions
Auditors cannot perform any actions in the Action column. They can click on each target to view its details, as Administrators can.
Figure 7. No actions possible in the Action column for Auditors
Full-Text Search
Auditors have the same functionalities as Administrators.
Figure 8. Full-Text Search overview
Management - Identity Stores
Auditors cannot perform any action in the Actions column. They cannot click on individual Identity Stores either.
Figure 9. No actions possible in the Action column for Auditors
Management - Tenants
Tenant list
Auditors cannot perform any actions in the Action column. They can click on each target to see the details.
Figure 10. Tenant list overview
Management - Geofences
Geofences
Auditors can see the list of geofences, but cannot perform any actions.
Figure 11. Geofences overview
Groups
Figure 12. Geofence Groups overview
SAML
SAML - Service Providers
Service Providers
Groups
SAML - Identity Provider
Security
Security - OAuth Clients
Figure 13. OAuth Clients overview
Security - Policies
Figure 14. Security Policies overview
Security - Network Policy
Figure 15. Network Policy overview
Security - Password Rotation Policy
Figure 16. Password Rotation Policy overview
Insights
Insights - Statistics
General
Figure 17. Statistics overview
Devices
Figure 18. Devices overview
Actions
Figure 19. Actions overview
Others
Others - Settings
Email
Figure 20. Email settings overview
Others - About
Figure 21. About overview
Suggestions for Auditors
A checklist for Auditors
During the execution phase of a PAM audit, the audit plan comes to life. The audit team systematically follows the checklist, ensuring each item aligns with the defined scope and objectives. This stage often involves interviewing stakeholders, examining system configurations, and reviewing documentation and logs to verify compliance.
- Review user access levels
- Review user actions
- Review used Tokens
- Review PAM Groups, Sessions, and Full-Text Search
- Audit Geofence settings
- Review Security Policies and Rule Sets
Analyze Audit Logs with SIEM
It is recommended to continue auditing the logs sent to the SIEM:
Analyze Your Logs
The next step is to review your logs. Modern Security Information and Event Management (SIEM) tools use machine learning to spot unusual behavior and send alerts when user activity seems out of the ordinary. These tools combine data from various sources, making it easier to link user access logs with other security events. More detailed logs lead to better SIEM insights.
Look for tools that track:
- Adding or suspending privileged users
- Accessing critical or sensitive data
- Unusual activity, like large file deletions
- Changes to user roles or permissions
- Administrative updates to databases or servers
SIEM tools provide a broad overview of network activity while focusing on potential issues. They help investigate security incidents and prevent attacks by detecting abnormal traffic patterns. These tools also manage large volumes of alerts from different systems, highlighting the most critical risks. This not only saves admins time and frustration but also helps them take the right steps to address threats effectively.
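The tracking list above, combined with the read-only Auditor role described in the introduction, can be turned into simple log rules. The following is an added example, not part of the product or its documentation: the JSON-lines layout, the field and action names, and the deletion threshold are assumptions, and the events are constructed.

```python
import json
from collections import Counter

# Constructed sample events; schema and action names are assumed, not the product's.
SAMPLE_LOG = """\
{"ts": "2024-05-01T09:00:00Z", "actor": "alice", "role": "administrator", "action": "user.suspend"}
{"ts": "2024-05-01T09:05:00Z", "actor": "carol", "role": "auditor", "action": "target.view"}
{"ts": "2024-05-01T09:06:00Z", "actor": "carol", "role": "auditor", "action": "invitation.copy_link"}
{"ts": "2024-05-01T09:07:00Z", "actor": "carol", "role": "auditor", "action": "target.connect"}
{"ts": "2024-05-01T09:10:00Z", "actor": "alice", "role": "administrator", "action": "group.edit"}
{"ts": "2024-05-01T09:12:00Z", "actor": "erin", "role": "administrator", "action": "target.delete"}
{"ts": "2024-05-01T09:12:01Z", "actor": "erin", "role": "administrator", "action": "target.delete"}
{"ts": "2024-05-01T09:12:02Z", "actor": "erin", "role": "administrator", "action": "target.delete"}
truncated or non-JSON line
"""

# Verbs an Auditor may legitimately produce: viewing, copying an invitation
# link, and full-text search. Anything else from that role is a finding.
AUDITOR_ALLOWED_VERBS = {"view", "copy_link", "search"}
# Assumed action names mapped to the categories worth tracking.
WATCHED = {
    "user.invite": "privileged user added",
    "user.suspend": "privileged user suspended",
    "group.edit": "role or permission change",
    "target.edit": "administrative update",
}
DELETE_BURST = 3  # assumed threshold: deletions per actor before alerting

def analyze(text):
    """Return (findings, skipped); findings are (rule, actor, action) tuples."""
    findings, deletes, skipped = [], Counter(), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            actor, role, action = ev["actor"], ev["role"], str(ev["action"])
        except (ValueError, KeyError, TypeError):
            skipped += 1  # count unparseable lines instead of hiding them
            continue
        verb = action.rsplit(".", 1)[-1]
        if role == "auditor" and verb not in AUDITOR_ALLOWED_VERBS:
            findings.append(("auditor performed a non-read action", actor, action))
        if action in WATCHED:
            findings.append((WATCHED[action], actor, action))
        if verb == "delete":
            deletes[actor] += 1
            if deletes[actor] == DELETE_BURST:  # alert once per actor
                findings.append(("bulk deletion", actor, action))
    return findings, skipped
```

A non-zero `skipped` count is itself worth reviewing, since dropped or malformed lines mean the SIEM is not seeing every event.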