Using the Audit Collector Workload

Audit A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. collectors send audit A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. data to the Delinea Platform, so recorded activities and events can be displayed.

Audit A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. Collectors function as intermediary services that receive and compress real-time activities captured by agents An agent is software installed on a computer that can act autonomously to achieve goals set by humans. An agent has self-governing attributes and capabilities in reasoning, learning, adaptability, decision-making, policy-following, and execution. deployed on audited A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. computers. Additional collectors can be deployed at any point for additional resiliency or improved scale.

We recommend setting up at least two collectors to ensure uninterrupted auditing A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs..

The agent An agent is software installed on a computer that can act autonomously to achieve goals set by humans. An agent has self-governing attributes and capabilities in reasoning, learning, adaptability, decision-making, policy-following, and execution. on each audited A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. machine captures user activities and forwards them to a designated collector. When the agent An agent is software installed on a computer that can act autonomously to achieve goals set by humans. An agent has self-governing attributes and capabilities in reasoning, learning, adaptability, decision-making, policy-following, and execution. cannot establish a connection with a collector—such as when computers hosting the collector service are offline for maintenance—the agent An agent is software installed on a computer that can act autonomously to achieve goals set by humans. An agent has self-governing attributes and capabilities in reasoning, learning, adaptability, decision-making, policy-following, and execution. temporarily stores the session data locally. When the connection is reestablished, the agent An agent is software installed on a computer that can act autonomously to achieve goals set by humans. An agent has self-governing attributes and capabilities in reasoning, learning, adaptability, decision-making, policy-following, and execution. transfers this session data to the collector. The collector then transmits the data to the Delinea Platform.

Editing Audit Collector Settings

1. Open the Engine management A platform UI page (Settings > Engine Management) where admins manage Platform Engines, the Sites where the engines are deployed, and the Workloads that the engines run. settings page (use the Search bar to find it).

2. Select a site.

3. Select the Settings tab.

4. Click Edit.

5. Enable or disable Session Recordings to Platform, or change the port number.

Setting	Description
Send Session Recordings to Platform	When enabled, session recordings are sent from the collector to the platform for analysis and storage.
Port Number	5063 TCP is used by default. The Audit A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. Collector listens on this port. Agents An agent is software installed on a computer that can act autonomously to achieve goals set by humans. An agent has self-governing attributes and capabilities in reasoning, learning, adaptability, decision-making, policy-following, and execution. deployed on audited A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. computers forward their captured user activities to the Audit A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. Collector using this port.

Audit Collector Account Permissions

The permissions described in this section are needed only when you use the Audit A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. Collector as a standalone workload, without the Command Relay, as when using Server Suite with the Delinea Platform. If you are using the Command Relay workload A workload run by the platform engine that enables Privilege Control for Servers to send commands and parameters through an SSH connection for execution on a customer’s servers. The Command Relay workload depends on a service account that can modify the Active Directory domain to update policies., it takes care of all the permissions that are needed.

For information about using Server Suite with the Delinea Platform, see Server Suite Integration with Delinea Platform.

On the server where you will install the Delinea Platform Engine Software installed on servers in a network segment (a Site) that enables the Delinea Platform to perform various actions on that network via Workloads, such as discovery, remote access, authentication or session recording collection. The Delinea Engine acts as a single installer that will dynamically deploy the workloads as needed. For redundancy and high availability, admins can deploy two or more Platform Engines per site. and the Audit Collector workload A workload run by the delinea engine that enables Privilege Control for Servers (on the delinea platform) to receive audit data about events and actions during session recording captured by the privilege control agent deployed on audited computers. More than one delinea engine and Audit Collector workload can be deployed for greater resilience and/or scale. Minimum requirement: two Audit Collector workloads to ensure uninterrupted auditing., define a service account for Audit A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. Collector, then configure the account with local server permissions, domain permissions, or domain administrator permissions (temporary) as described in the next few sections.

If you do not want to grant any of your organization's users full control at the root level, create the DelineaPlatform OU and grant Delinea full control over it. Delinea then takes care of all child objects in the OU. At a minimum, you must grant Delinea read permissions at the root.

Local Server Permissions

With local permissions on the server where the Delinea Platform Engine and Audit A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. Collector will be installed, the Audit A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. Collector service account can create the DelineaPlatform OU manually before running the setup for Audit A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. Collector. The local server permissions must include the Log A record of background events typically related to systems, performance, outages, etc. A log is typically consumed by IT/Ops to help them ensure that things are running optimally and delivered according to the appropriate SLA. on as a batch job permission in order for PCS Privilege Control for Servers (PCS) carries the PAM capabilities of the Delinea Platform into the individual servers and computer endpoints in your corporate network. to work.

To assign the Log A record of background events typically related to systems, performance, outages, etc. A log is typically consumed by IT/Ops to help them ensure that things are running optimally and delivered according to the appropriate SLA. on as batch job permission:

1. Select Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
   
   
   
   

2. Select the Log A record of background events typically related to systems, performance, outages, etc. A log is typically consumed by IT/Ops to help them ensure that things are running optimally and delivered according to the appropriate SLA. on as a batch job permission.

3. On the Local Security Setting tab, click Add User or group.

4. Navigate to and select the Audit A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. Collector service account to apply the permission.

The Log A record of background events typically related to systems, performance, outages, etc. A log is typically consumed by IT/Ops to help them ensure that things are running optimally and delivered according to the appropriate SLA. on as batch job permission is granted by default to all members of these three AD Active Directory (AD) is a proprietary directory service developed by Microsoft® to manage the authentication and authorization of users and machines on a Windows domain network. Active Directory runs on Windows Server and stores information related to user accounts, computer objects, groups, policies, and other entities on the network. groups:

- Administrators

- Backup Operators

- Performance Log A record of background events typically related to systems, performance, outages, etc. A log is typically consumed by IT/Ops to help them ensure that things are running optimally and delivered according to the appropriate SLA. Users

Domain Permissions

An object named OU=DelineaPlatform must be created at the root of the domain. Permissions giving Full Control to create the OU=DelineaPlatform object and all child objects must be given to the Audit A record of actions that are typically user initiated but may also include some system actions. An audit is designed for consumption by users - mainly security overseers like SecOps and CISOs. Collector service account. In the Permissions section of the Permission Entry dialog, every checkbox must be selected.