PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report...
Transcript of PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report...
![Page 1: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/1.jpg)
PowerBroker Identity Services
Report Book
![Page 2: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/2.jpg)
Report Book 2 © 2017. BeyondTrust Software, Inc
Table of Contents
Report Title: Access Denied Events ......................................................................................................5
Report Title: Access Privilege Changes .................................................................................................6
Report Title: Access Privilege Daily Changes .........................................................................................7
Report Title: Access Privileges by Computer .........................................................................................8
Report Title: Access Privileges by User .................................................................................................9
Report Title: Account Attribute Inconsistencies .................................................................................. 10
Report Title: Accounts with Old Passwords......................................................................................... 11
Report Title: Active Directory accounts with Time or Computer restrictions ......................................... 12
Report Title: AD User Session Activity Events...................................................................................... 13
Report Title: All Events ...................................................................................................................... 14
Report Title: Audit Failure Events....................................................................................................... 15
Report Title: Audit Service Activity Reports ........................................................................................ 16
Report Title: Audit Success Events ..................................................................................................... 17
Report Title: Cell Access Report ......................................................................................................... 18
Report Title: Computer Access Report ............................................................................................... 19
Report Title: Computers By OS .......................................................................................................... 21
Report Title: Computers By OS (Summary) ......................................................................................... 22
Report Title: Computers By OS Running PBIS Services ......................................................................... 23
Report Title: Computers With Invalid DNS Name ................................................................................ 24
Report Title: Default Cell Access Report ............................................................................................. 24
Report Title: Disabled Accounts ......................................................................................................... 26
Report Title: Error Events .................................................................................................................. 27
Report Title: Failed Console Logon (Active Directory) Events ............................................................... 28
Report Title: Failed Console Logon (Local) Events ............................................................................... 28
Report Title: Failed Domain Join Events.............................................................................................. 29
Report Title: Failed Domain Leave Events ........................................................................................... 30
Report Title: Failed Group Policy Update Events ................................................................................. 31
Report Title: Failed Kerberos Refresh Events ...................................................................................... 32
Report Title: Failed Logon Events ....................................................................................................... 32
Report Title: Failed Password Change Events...................................................................................... 34
![Page 3: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/3.jpg)
Report Book 3 © 2017. BeyondTrust Software, Inc
Report Title: Failed PowerBroker Services Events ............................................................................... 35
Report Title: Failed Smartcard Logon Events....................................................................................... 36
Report Title: Failed SSH Logon (Active Directory) Events ..................................................................... 36
Report Title: Failed SSH Logon (Local) Events...................................................................................... 37
Report Title: Failed Sudo Access Events.............................................................................................. 39
Report Title: Group Access Report ..................................................................................................... 40
Report Title: Group List ..................................................................................................................... 41
Report Title: Group Policy Error Events .............................................................................................. 42
Report Title: Inactive Computers ....................................................................................................... 43
Report Title: Inactive Users ............................................................................................................... 44
Report Title: Inactive Users Over 90 days ........................................................................................... 45
Report Title: Information Events ........................................................................................................ 46
Report Title: Logon Activity Report .................................................................................................... 47
Report Title: Network Status Offline Events........................................................................................ 48
Report Title: Network Status Online Events ........................................................................................ 49
Report Title: PBUL – All Command Activity Events .............................................................................. 49
Report Title: PBUL – All Command Completion Events ........................................................................ 50
Report Title: PBUL – All Events........................................................................................................... 52
Report Title: PBUL Accepted Command Events ................................................................................... 53
Report Title: PBUL Detected Keystroke Events.................................................................................... 54
Report Title: PBUL Finish Failed Events............................................................................................... 55
Report Title: PBUL Finish Successful Events ........................................................................................ 57
Report Title: PBUL Rejected Command Events.................................................................................... 58
Report Title: PowerBroker Access Restriction Changes Reports ........................................................... 60
Report Title: Root Logon Events......................................................................................................... 62
Report Title: Root Logon Failure Events.............................................................................................. 63
Report Title: Root Logon Success Events ............................................................................................ 64
Report Title: Security Policies ............................................................................................................ 65
Report Title: Successful Console Logon (Active Directory) Events......................................................... 67
Report Title: Successful Console Logon (Local) Events ......................................................................... 68
Report Title: Successful Domain Join Events ....................................................................................... 69
Report Title: Successful Domain Leave Events .................................................................................... 70
Report Title: Successful Group Policy Update Events........................................................................... 71
![Page 4: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/4.jpg)
Report Book 4 © 2017. BeyondTrust Software, Inc
Report Title: Successful Kerberos Refresh Events ................................................................................ 72
Report Title: Successful Logon Events ................................................................................................ 73
Report Title: Successful Password Change Events ............................................................................... 74
Report Title: Successful Smartcard Logon Events ................................................................................ 75
Report Title: Successful SSH Logon (Active Directory) Events ............................................................... 76
Report Title: Successful SSH Logon (Local) Events ............................................................................... 77
Report Title: Successful Sudo Access Events ....................................................................................... 78
Report Title: Sudo Command Events .................................................................................................. 79
Report Title: Sudo GPO Settings......................................................................................................... 80
Report Title: System Log Error Events ................................................................................................ 81
Report Title: System Log Information Events ...................................................................................... 82
Report Title: System Log Warning Events ........................................................................................... 83
Report Title: Temporary Accounts ..................................................................................................... 84
Report Title: User Access Report........................................................................................................ 85
Report Title: User List........................................................................................................................ 87
Report Title: Users With Non-Expiring Passwords ............................................................................... 88
Report Title: Warning Events ............................................................................................................. 89
About BeyondTrust........................................................................................................................... 90
![Page 5: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/5.jpg)
Report Book 5 © 2017. BeyondTrust Software, Inc
Report Title: Access Denied Events
REPORT DESCRIPTION:
This report displays all access denied events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
PCI
7.1 – Account access restrictions requirement
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 6: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/6.jpg)
Report Book 6 © 2017. BeyondTrust Software, Inc
Report Title: Access Privilege Changes
REPORT DESCRIPTION:
This report displays the account changes by user name and date range.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
IA-2 (Organizational Users)
PCI
7.2 – Account access Restriction Mechanism Requirement
8.5.4 – Terminated employees requirement
SOX Section 404
Monitoring
General Report Categories
Entitlement Report
![Page 7: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/7.jpg)
Report Book 7 © 2017. BeyondTrust Software, Inc
Report Title: Access Privilege Daily Changes
REPORT DESCRIPTION:
This report displays the account changes by user name since 12 AM.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
IA-4 (Identifier Management)
SOX Section 404
Monitoring
General Report Categories
Entitlement Report
![Page 8: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/8.jpg)
Report Book 8 © 2017. BeyondTrust Software, Inc
Report Title: Access Privileges by Computer
REPORT DESCRIPTION:
This report displays accounts by computer and date range.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
IA-3 (Device Identification and Authentication)
PCI
7.1 – Account access restrictions requirement
8.2 – User account authentication methods requirement
SOX Section 404
Monitoring
General Report Categories
Entitlement Report
![Page 9: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/9.jpg)
Report Book 9 © 2017. BeyondTrust Software, Inc
Report Title: Access Privileges by User
REPORT DESCRIPTION:
This report displays account by user name and date range.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
AC-3 (Access Enforcement)
IA-2 (Organizational Users)
PCI
7.1 – Account access restrictions requirement
8.2 – User account authentication methods requirement
SOX Section 404
Monitoring
General Report Categories
Entitlement Report
![Page 10: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/10.jpg)
Report Book 10 © 2017. BeyondTrust Software, Inc
Report Title: Account Attribute Inconsistencies
REPORT DESCRIPTION:
This report displays account with inconsistent multiple identities.
Compliance Report Categories
NIST SP800-53 (FISMA)
IA-4 (Identifier Management)
PCI
8.1 – User accounts with unique IDs requirement
SOX Section 404
Ensure systems security
General Report Categories
Entitlement Report
![Page 11: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/11.jpg)
Report Book 11 © 2017. BeyondTrust Software, Inc
Report Title: Accounts with Old Passwords
REPORT DESCRIPTION:
This report displays information about user accounts with old passwords.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-1 (Access Control Policy and Procedures)
PCI
8.5.9 (Passwords changed every 90 days requirement
General Report Categories
Inventory Reporting
Users
![Page 12: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/12.jpg)
Report Book 12 © 2017. BeyondTrust Software, Inc
Report Title: Active Directory accounts with Time or Computer restrictions
REPORT DESCRIPTION:
This report information about restricted user accounts.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
AC-3 (Access Enforcement)
PCI
8.5.6 (Vendor account access requirement)
General Report Categories
Inventory Reporting
Users
![Page 13: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/13.jpg)
Report Book 13 © 2017. BeyondTrust Software, Inc
Report Title: AD User Session Activity Events
REPORT DESCRIPTION:
This report displays Active Directory user account session initialization and termination activity events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-8 (System Use Notification)
AC-14 (Session Audit)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Events Reporting
![Page 14: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/14.jpg)
Report Book 14 © 2017. BeyondTrust Software, Inc
Report Title: All Events
REPORT DESCRIPTION:
This report displays all events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-3 (Content of Audit Records)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reporting
![Page 15: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/15.jpg)
Report Book 15 © 2017. BeyondTrust Software, Inc
Report Title: Audit Failure Events
REPORT DESCRIPTION:
This report displays all audit failure events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-2 (Auditable Events)
AU-6 (Audit Review, Analysis, and Reporting)
AU-12 (Audit Generation)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Events Reporting
![Page 16: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/16.jpg)
Report Book 16 © 2017. BeyondTrust Software, Inc
Report Title: Audit Service Activity Reports
REPORT DESCRIPTION:
This report displays audit service activity events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-5 (Response to Audit Processing Failures)
AU-12 (Audit Generation)
PCI
10.1 (Auditing: Verify that auditing trails are active requirement)
10.2.6 (Auditing: Service start and stop activity reporting requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Events Reporting
![Page 17: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/17.jpg)
Report Book 17 © 2017. BeyondTrust Software, Inc
Report Title: Audit Success Events
REPORT DESCRIPTION:
This report displays audit success events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-2 (Auditable Events)
AU-6 (Audit Review, Analysis, and Reporting)
AU-12 (Audit Generation)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Events Reporting
![Page 18: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/18.jpg)
Report Book 18 © 2017. BeyondTrust Software, Inc
Report Title: Cell Access Report
REPORT DESCRIPTION:
This report displays PowerBroker cells and the computers, user accounts, and group accounts that are
members in the cell. Duplicate IDs in each cell are also displayed.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-1 (Access Control Policy and Procedures)
AC-2 (Account Management)
AC-3 (Access Enforcement)
AC-5 (Separation of Duties)
AC-6 (Least Privilege)
AC-14 (Permitted Actions without Identification or Authentication)
IA-2 (Organizational Users)
IA-4 (Identifier Management)
SOX Section 404
Ensure systems security
General Report Categories
PowerBroker Identity Services Access Control Reporting
![Page 19: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/19.jpg)
Report Book 19 © 2017. BeyondTrust Software, Inc
Report Title: Computer Access Report
REPORT DESCRIPTION:
This report displays computer information and the user accounts that can access the computer.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-1 (Access Control Policy and Procedures)
AC-2 (Account Management)
AC-3 (Access Enforcement)
AC-14 (Permitted Actions without Identification or Authentication)
IA-2 (Organizational Users)
IA-3 (Device Identification and Authentication)
SOX Section 404
![Page 20: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/20.jpg)
Report Book 20 © 2017. BeyondTrust Software, Inc
Ensure systems security
General Report Categories
PowerBroker Identity Services Access Control Reporting
![Page 21: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/21.jpg)
Report Book 21 © 2017. BeyondTrust Software, Inc
Report Title: Computers By OS
REPORT DESCRIPTION:
This report displays computers joined to Active Directory, grouped by operating system.
Compliance Report Categories
NIST SP800-53 (FISMA)
CM-2 (Baseline Configuration)
CM-8 (Information System Component Inventory)
IA-3 (Device Identification and Authentication)
PCI
10.2.5 (Auditing: Use of identification and authentication mechanisms)
General Report Categories
Inventory reporting
![Page 22: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/22.jpg)
Report Book 22 © 2017. BeyondTrust Software, Inc
Report Title: Computers By OS (Summary)
REPORT DESCRIPTION:
This report displays the number of computers joined to Active Directory that are running PBIS services.
Compliance Report Categories
NIST SP800-53 (FISMA)
CM-2 (Baseline Configuration)
CM-8 (Information System Component Inventory)
PCI
10.2.5 (Auditing: Use of identification and authentication mechanisms)
General Report Categories
Inventory reporting (Computers)
![Page 23: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/23.jpg)
Report Book 23 © 2017. BeyondTrust Software, Inc
Report Title: Computers By OS Running PBIS Services
REPORT DESCRIPTION:
This report displays the computers joined to Active Directory running PBIS services, grouped by operating system.
Compliance Report Categories
NIST SP800-53 (FISMA)
CM-2 (Baseline Configuration)
CM-8 (Information System Component Inventory)
PCI
10.2.5 (Auditing: Use of identification and authentication mechanisms)
General Report Categories
Inventory reporting (Computers)
![Page 24: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/24.jpg)
Report Book 24 © 2017. BeyondTrust Software, Inc
Report Title: Computers With Invalid DNS Name
REPORT DESCRIPTION:
This report displays computers that appear to have an invalid DNS domain name.
General Report Categories
Inventory reporting
Computers
Report Title: Default Cell Access Report
REPORT DESCRIPTION:
This report displays information about the PowerBroker default cell, including: computers, user account,
and groups that are members in the default cell. Duplicate IDs are also included.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
AC-3 (Access Enforcement)
AC-5 (Separation of Duties)
IA-2 (Organization Users)
![Page 25: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/25.jpg)
Report Book 25 © 2017. BeyondTrust Software, Inc
IA-4 (Identifier Management)
SOX Section 404
Ensure systems security
General Report Categories
PowerBroker Identity Services Access Control reporting
![Page 26: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/26.jpg)
Report Book 26 © 2017. BeyondTrust Software, Inc
Report Title: Disabled Accounts
REPORT DESCRIPTION:
This report displays information about disabled user accounts.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
AC-3 (Access Enforcement)
PCI
8.5.4 – Terminated employees requirement
SOX Section 404
Monitoring
General Report Categories
Inventory reporting (Users)
![Page 27: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/27.jpg)
Report Book 27 © 2017. BeyondTrust Software, Inc
Report Title: Error Events
REPORT DESCRIPTION:
This report displays all error events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Events reporting
![Page 28: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/28.jpg)
Report Book 28 © 2017. BeyondTrust Software, Inc
Report Title: Failed Console Logon (Active Directory) Events
REPORT DESCRIPTION:
This report displays Active Directory account logon failures.
Compliance Report Categories
NIST SP800-53 (FISMA)
IA-2 (Organizational Users)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Title: Failed Console Logon (Local) Events
REPORT DESCRIPTION:
This report displays information about failed logon attempts using a local account.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 29: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/29.jpg)
Report Book 29 © 2017. BeyondTrust Software, Inc
Report Title: Failed Domain Join Events
REPORT DESCRIPTION:
This report displays domain join failures.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 30: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/30.jpg)
Report Book 30 © 2017. BeyondTrust Software, Inc
Report Title: Failed Domain Leave Events
REPORT DESCRIPTION:
This report displays information about domain leave failures.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 31: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/31.jpg)
Report Book 31 © 2017. BeyondTrust Software, Inc
Report Title: Failed Group Policy Update Events
REPORT DESCRIPTION:
This report displays Group Policy update failure events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-4 (Information Flow Enforcement)
CM-3 (Configuration Change Control)
CM-6 (Configuration Settings)
PCI
10.2.4 (Auditing: Invalid logical access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 32: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/32.jpg)
Report Book 32 © 2017. BeyondTrust Software, Inc
Report Title: Failed Kerberos Refresh Events
REPORT DESCRIPTION:
This report displays information Kerberos refresh attempts that failed.
Compliance Report Categories
PCI
10.2.4 (Auditing: Invalid logical access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Title: Failed Logon Events
REPORT DESCRIPTION:
This report displays logon attempt failures.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-7 (Unsuccessful Login Attempts)
PCI
10.2.4 (Auditing: Invalid logical access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 33: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/33.jpg)
Report Book 33 © 2017. BeyondTrust Software, Inc
![Page 34: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/34.jpg)
Report Book 34 © 2017. BeyondTrust Software, Inc
Report Title: Failed Password Change Events
REPORT DESCRIPTION:
This report displays password change attempts on computers.
Compliance Report Categories
PCI
10.2.4 (Auditing: Invalid logical access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 35: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/35.jpg)
Report Book 35 © 2017. BeyondTrust Software, Inc
Report Title: Failed PowerBroker Services Events
REPORT DESCRIPTION:
This report displays information about PowerBroker Services events that failed.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-12 (Audit Generation)
PCI
10.2.4 (Auditing: Invalid logical access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 36: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/36.jpg)
Report Book 36 © 2017. BeyondTrust Software, Inc
Report Title: Failed Smartcard Logon Events
REPORT DESCRIPTION:
This report displays Smart Card logon failures.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-7 (Unsuccessful Login Attempts)
IA-2 (Organizational Users)
PCI
10.2.4 (Auditing: Invalid logical access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Title: Failed SSH Logon (Active Directory) Events
REPORT DESCRIPTION:
This report displays SSH logon failures using an Active Directory account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-7 (Unsuccessful Login Attempts)
AC-17 (Remote Access)
IA-2 (Organizational Users)
SOX Section 404
Monitoring
![Page 37: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/37.jpg)
Report Book 37 © 2017. BeyondTrust Software, Inc
Report Title: Failed SSH Logon (Local) Events
REPORT DESCRIPTION:
This report displays SSH logon failures using a local account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-7 (Unsuccessful Login Attempts)
AC-17 (Remote Access)
IA-2 (Organizational Users)
SOX Section 404
Monitoring
![Page 38: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/38.jpg)
Report Book 38 © 2017. BeyondTrust Software, Inc
![Page 39: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/39.jpg)
Report Book 39 © 2017. BeyondTrust Software, Inc
Report Title: Failed Sudo Access Events
REPORT DESCRIPTION:
This report displays Sudo access failures on computers.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
AC-7 (Unsuccessful Login Attempts)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 40: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/40.jpg)
Report Book 40 © 2017. BeyondTrust Software, Inc
Report Title: Group Access Report
REPORT DESCRIPTION:
This report displays Active Directory groups and the PowerBroker cells where they are members.
![Page 41: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/41.jpg)
Report Book 41 © 2017. BeyondTrust Software, Inc
Report Title: Group List
REPORT DESCRIPTION:
This report displays all Active Directory groups and the group members.
![Page 42: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/42.jpg)
Report Book 42 © 2017. BeyondTrust Software, Inc
Report Title: Group Policy Error Events
REPORT DESCRIPTION:
This report displays Group Policy errors.
Compliance Report Categories
SOX
Monitoring
General Report Categories
Inventory reporting
Group Policy Objects
PowerBroker Event Reporting
![Page 43: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/43.jpg)
Report Book 43 © 2017. BeyondTrust Software, Inc
Report Title: Inactive Computers
REPORT DESCRIPTION:
This report display inactive computers. Inactivity is based on passwords not changed after more than 90
days.
Compliance Report Categories
NIST SP800-53 (FISMA)
IA-3 (Device Identification and Authentication)
General Report Categories
Inventory
Computers
![Page 44: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/44.jpg)
Report Book 44 © 2017. BeyondTrust Software, Inc
Report Title: Inactive Users
REPORT DESCRIPTION:
This report displays inactive user accounts within the last 90 days.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
PCI
8.5.4 (Terminated employees requirement)
General Report Categories
Inventory
Users
![Page 45: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/45.jpg)
Report Book 45 © 2017. BeyondTrust Software, Inc
Report Title: Inactive Users Over 90 days
REPORT DESCRIPTION:
This report displays inactive user accounts (no activity for more than 90 days).
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
PCI
8.5.5 (No inactive account over 90 days old requirement
General Report Categories
Inventory
Users
![Page 46: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/46.jpg)
Report Book 46 © 2017. BeyondTrust Software, Inc
Report Title: Information Events
REPORT DESCRIPTION:
This report display events that are Information only.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 47: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/47.jpg)
Report Book 47 © 2017. BeyondTrust Software, Inc
Report Title: Logon Activity Report
REPORT DESCRIPTION:
This report displays the number of logon activities.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
AU-14 (Session Audit)
IA-2 (Organizational Users)
PCI
8.2 (User account authentication methods requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 48: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/48.jpg)
Report Book 48 © 2017. BeyondTrust Software, Inc
Report Title: Network Status Offline Events
REPORT DESCRIPTION:
This report displays network status offline events.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 49: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/49.jpg)
Report Book 49 © 2017. BeyondTrust Software, Inc
Report Title: Network Status Online Events
REPORT DESCRIPTION:
This report displays online network status events.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
Report Title: PBUL – All Command Activity Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers accepted commands from master host computers.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
![Page 50: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/50.jpg)
Report Book 50 © 2017. BeyondTrust Software, Inc
Report Title: PBUL – All Command Completion Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers accepted commands that completed from master host
computers.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
![Page 51: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/51.jpg)
Report Book 51 © 2017. BeyondTrust Software, Inc
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
![Page 52: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/52.jpg)
Report Book 52 © 2017. BeyondTrust Software, Inc
Report Title: PBUL – All Events
REPORT DESCRIPTION:
This report displays PowerBroker events, including accept, reject events from the master host computer.
Compliance Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
![Page 53: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/53.jpg)
Report Book 53 © 2017. BeyondTrust Software, Inc
Report Title: PBUL Accepted Command Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers accepted commands from master host computers.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
![Page 54: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/54.jpg)
Report Book 54 © 2017. BeyondTrust Software, Inc
Report Title: PBUL Detected Keystroke Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers keystroke events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
![Page 55: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/55.jpg)
Report Book 55 © 2017. BeyondTrust Software, Inc
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
Report Title: PBUL Finish Failed Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers events that failed to finish.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
![Page 56: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/56.jpg)
Report Book 56 © 2017. BeyondTrust Software, Inc
![Page 57: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/57.jpg)
Report Book 57 © 2017. BeyondTrust Software, Inc
Report Title: PBUL Finish Successful Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers events that completed successfully.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
![Page 58: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/58.jpg)
Report Book 58 © 2017. BeyondTrust Software, Inc
Report Title: PBUL Rejected Command Events
REPORT DESCRIPTION:
This report displays PowerBroker Servers commands that were run on the master host but were
rejected.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
![Page 59: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/59.jpg)
Report Book 59 © 2017. BeyondTrust Software, Inc
Monitoring
General Report Categories
PowerBroker Event Reports
PowerBroker Servers (PBUL) Reports
![Page 60: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/60.jpg)
Report Book 60 © 2017. BeyondTrust Software, Inc
Report Title: PowerBroker Access Restriction Changes Reports
REPORT DESCRIPTION:
This report displays PowerBroker access restriction changes events. For example, shows ‘require-
membership-of’ setting changes.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
CM-5 (Access Restrictions for Change)
PCI
7.2 (Account Access Restriction Mechanism Requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 61: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/61.jpg)
Report Book 61 © 2017. BeyondTrust Software, Inc
![Page 62: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/62.jpg)
Report Book 62 © 2017. BeyondTrust Software, Inc
Report Title: Root Logon Events
REPORT DESCRIPTION:
This report displays logon events for the root account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-14 (Session Audit)
PCI
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 63: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/63.jpg)
Report Book 63 © 2017. BeyondTrust Software, Inc
Report Title: Root Logon Failure Events
REPORT DESCRIPTION:
This report displays information about the logon failures for the root account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-14 (Session Audit)
PCI
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 64: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/64.jpg)
Report Book 64 © 2017. BeyondTrust Software, Inc
Report Title: Root Logon Success Events
REPORT DESCRIPTION:
This report displays information about logon successes for the root account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-14 (Session Audit)
PCI
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 65: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/65.jpg)
Report Book 65 © 2017. BeyondTrust Software, Inc
Report Title: Security Policies
REPORT DESCRIPTION:
This report displays information about GPOs.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-1 (Access Control Policy and Procedures)
AC-2 (Account Management)
AC-3 (Access Enforcement)
AC-5 (Separation of Duties)
AC-8 (System Use Notification)
AC-14 (Permitted Actions without Identification or Authentication)
AC-16 (Security Attributes)
AU-4 (Audit Storage Capacity)
AU-12 (Audit Generation)
CM-2 (Baseline Configuration)
CM-3 (Configuration Change Control)
CM-6 (Configuration Settings)
CM-7 (Least Functionality)
PCI
8.2 (User account authentication methods requirement)
8.5.9 (Passwords changed every 90 days requirement)
8.5.10 (Passwords at least 7 characters long requirement)
8.5.11 (Passwords contain both alphabet and numeric characters requirement)
8.5.12 (Passwords cannot be the same as four previously used requirement)
8.5.13 (User account lockout after 6 invalid logon attempts requirement)
8.5.14 (User account lockout for 30 minutes or until admin resets account requirement)
8.5.15 (System idle timeout locks system after 15 minutes requirement
![Page 66: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/66.jpg)
Report Book 66 © 2017. BeyondTrust Software, Inc
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Ensure systems security
General Report Categories
Inventory
Group Policy Objects
![Page 67: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/67.jpg)
Report Book 67 © 2017. BeyondTrust Software, Inc
Report Title: Successful Console Logon (Active Directory) Events
REPORT DESCRIPTION:
This report displays information about successful logon events to the BeyondTrust console using an
Active Directory account.
Compliance Report Categories
NIST SP800-53 (FISMA)
IA-2 (Organizational Users)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 68: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/68.jpg)
Report Book 68 © 2017. BeyondTrust Software, Inc
Report Title: Successful Console Logon (Local) Events
REPORT DESCRIPTION:
This report displays information about successful logon events to the BeyondTrust console using a local
account.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 69: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/69.jpg)
Report Book 69 © 2017. BeyondTrust Software, Inc
Report Title: Successful Domain Join Events
REPORT DESCRIPTION:
This report displays domain join events that succeed.
Compliance Report Categories
NIST SP800-53 (FISMA)
CM-8 (Information System Component Inventory)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 70: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/70.jpg)
Report Book 70 © 2017. BeyondTrust Software, Inc
Report Title: Successful Domain Leave Events
REPORT DESCRIPTION:
This report displays domain leave events that succeed.
Compliance Report Categories
NIST SP800-53 (FISMA)
CM-8 (Information System Component Inventory)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 71: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/71.jpg)
Report Book 71 © 2017. BeyondTrust Software, Inc
Report Title: Successful Group Policy Update Events
REPORT DESCRIPTION:
This report displays GPO updates that succeeded on computers.
Compliance Report Categories
NIST SP800-53 (FISMA)
CM-6 (Configuration Settings)
PCI
10.2.4 (Auditing: Invalid logical access attempts to systems requirement)
SOX Section 404
Monitoring
General Report Categories
Group Policy Objects
PowerBroker Event Reports
![Page 72: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/72.jpg)
Report Book 72 © 2017. BeyondTrust Software, Inc
Report Title: Successful Kerberos Refresh Events
REPORT DESCRIPTION:
This report displays Kerberos refresh events that succeeded.
Compliance Report Categories
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 73: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/73.jpg)
Report Book 73 © 2017. BeyondTrust Software, Inc
Report Title: Successful Logon Events
REPORT DESCRIPTION:
This report displays logon events that succeeded.
Compliance Report Categories
PCI
7.1 (Account access restrictions requirement)
10.2.4 (Auditing: Invalid logical access attempts to systems requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 74: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/74.jpg)
Report Book 74 © 2017. BeyondTrust Software, Inc
Report Title: Successful Password Change Events
REPORT DESCRIPTION:
This report displays password changes that succeeded for computers in the selected OU.
Compliance Report Categories
PCI
10.2.4 (Auditing: Invalid logical access attempts to systems requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 75: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/75.jpg)
Report Book 75 © 2017. BeyondTrust Software, Inc
Report Title: Successful Smartcard Logon Events
REPORT DESCRIPTION:
This report displays SmartCard logon events that succeeded.
Compliance Report Categories
NIST SP800-53 (FISMA)
IA-2 (Organizations Users)
PCI
7.1 (Account access restrictions requirement)
10.2.4 (Auditing: Invalid logical access attempts to systems requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 76: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/76.jpg)
Report Book 76 © 2017. BeyondTrust Software, Inc
Report Title: Successful SSH Logon (Active Directory) Events
REPORT DESCRIPTION:
This report displays SSH logon attempts that succeeded using an Active Directory account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-17 (Remote Access)
IA-2 (Organizational Users)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 77: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/77.jpg)
Report Book 77 © 2017. BeyondTrust Software, Inc
Report Title: Successful SSH Logon (Local) Events
REPORT DESCRIPTION:
This report displays SSH logon attempts that succeeded using a local account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-17 (Remote Access)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 78: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/78.jpg)
Report Book 78 © 2017. BeyondTrust Software, Inc
Report Title: Successful Sudo Access Events
REPORT DESCRIPTION:
This report displays Sudo access attempts that succeeded.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-4 (Information Flow Enforcement)
AU-14 (Session Audit)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 79: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/79.jpg)
Report Book 79 © 2017. BeyondTrust Software, Inc
Report Title: Sudo Command Events
REPORT DESCRIPTION:
This report displays all Sudo command events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-4 (Information Flow Enforcement)
AU-14 (Session Audit)
PCI
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 80: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/80.jpg)
Report Book 80 © 2017. BeyondTrust Software, Inc
Report Title: Sudo GPO Settings
REPORT DESCRIPTION:
This report displays the GPOs where Sudo commands are used.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-3 (Access Enforcement)
AC-4 (Information Flow Enforcement)
AC-5 (Separation of Duties)
AC-6 (Least Privilege)
AC-14 (Permitted Actions with Identification and Authentication)
AC-16 (Security Attributes)
CM-2 (Baseline Configuration)
CM-5 (Access Restrictions for Change)
CM-6 (Configuration Settings)
PCI
7.1 (Account access restrictions requirement)
10.2.2 (Auditing: Tracking root and administrative privileges requirement)
General Report Categories
Inventory
Group Policy Objects
![Page 81: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/81.jpg)
Report Book 81 © 2017. BeyondTrust Software, Inc
Report Title: System Log Error Events
REPORT DESCRIPTION:
This report displays System Log error events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 82: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/82.jpg)
Report Book 82 © 2017. BeyondTrust Software, Inc
Report Title: System Log Information Events
REPORT DESCRIPTION:
This report displays System Log Information events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 83: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/83.jpg)
Report Book 83 © 2017. BeyondTrust Software, Inc
Report Title: System Log Warning Events
REPORT DESCRIPTION:
This report displays System Log Warning events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 84: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/84.jpg)
Report Book 84 © 2017. BeyondTrust Software, Inc
Report Title: Temporary Accounts
REPORT DESCRIPTION:
This report displays information for temporary accounts, including expiry date for the account.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Temporary Accounts)
IA-2 (Organizational Users)
PCI
8.5.6 (Vendor account access requirement)
General Report Categories
Inventory
Users
![Page 85: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/85.jpg)
Report Book 85 © 2017. BeyondTrust Software, Inc
Report Title: User Access Report
REPORT DESCRIPTION:
This report displays Active Directory user accounts and whether the account is activated in a
PowerBroker cell.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-1 (Access Control Policy and Procedures)
AC-3 (Access Enforcement)
AC-14 (Permitted Actions without Identification or Authentication)
IA-2 (Organizational Users)
PCI
8.1 (Users account with unique IDs requirement)
8.5.6 (Vendor account access requirement)
SOX Section 404
Ensure systems security
General Report Categories
Inventory
Users
PowerBroker Access Control Reports
![Page 86: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/86.jpg)
Report Book 86 © 2017. BeyondTrust Software, Inc
![Page 87: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/87.jpg)
Report Book 87 © 2017. BeyondTrust Software, Inc
Report Title: User List
REPORT DESCRIPTION:
This report displays all Active Directory user accounts.
Compliance Report Categories
NIST SP800-53 (FISMA)
AC-2 (Account Management)
IA-2 (Organizational Users)
IA-4 (Identifier Management)
General Report Categories
Inventory
Users
![Page 88: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/88.jpg)
Report Book 88 © 2017. BeyondTrust Software, Inc
Report Title: Users With Non-Expiring Passwords
REPORT DESCRIPTION:
This report displays all Active Directory user accounts where passwords will not expire.
Compliance Report Categories
PCI
8.5.9 (Passwords changed every 90 days requirement)
General Report Categories
Inventory
Users
![Page 89: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/89.jpg)
Report Book 89 © 2017. BeyondTrust Software, Inc
Report Title: Warning Events
REPORT DESCRIPTION:
This report displays all Warning events.
Compliance Report Categories
NIST SP800-53 (FISMA)
AU-6 (Audit Review, Analysis, and Reporting)
SOX Section 404
Monitoring
General Report Categories
PowerBroker Event Reports
![Page 90: PowerBroker Identity Services Report Book · 2020-07-27 · operating system. Compliance Report Categories NIST SP800-53 (FISMA) CM-2 (Baseline Configuration) CM-8 (Information System](https://reader034.fdocuments.us/reader034/viewer/2022042810/5f988b0a7ac3970e1c343683/html5/thumbnails/90.jpg)
Report Book 90 © 2017. BeyondTrust Software, Inc
About BeyondTrust
BeyondTrust is a proven leader with more than 25 years of experience. More than half of the
companies listed on the Dow Jones, eight of the 10 largest banks, seven of the 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies rely on
BeyondTrust to secure their enterprise.
Visit www.beyondtrust.com
• Read more about our products, solutions and awards
• Download evaluation versions of our products
Contact us at 1.800.234.9072 or email us at [email protected] We can provide security advice, full-featured evaluation, pilots, and appliance trials
Visit our Resource Center for video demonstrations, webinars, events & free trials
www.beyondtrust.com/Home/Resources