Remote Access
The Privileged Remote Access (PRA) service levels audit all remote access events and include the following.
- "Asset of {{Target.Type}} created by {{Actor.Name}}."
- "Assets of {{Asset.Type}} queried by {{Actor.Name}}."
- "Asset of {{Target.Type}} read by {{Actor.Name}}."
- "Asset of {{Target.Type}} removed by {{Actor.Name}}."
- "Asset of {{Target.Type}} updated by {{Actor.Name}}."
- "Installation script for engine created by user {{Actor.Name}}."
- "Upgrade to Platform Engine requested by user {{Actor.Name}} for PRA standalone engine currently deployed on PRA site {{Target.AdditionalAttributes.site_name}} to target site {{AdditionalAttributes.platform_site_name}}"
- "File {{Target.AdditionalAttributes.path}} downloaded by user {{Actor.Name}}."
- "File list retrieved by user {{Actor.Name}}."
- "File uploaded to {{Target.AdditionalAttributes.path}} by user {{Actor.Name}}."
- "Upload requested for X file(s) by user {{Actor.Name}}."
- "Secrets retrieved by user {{Actor.Name}}."
- "Clipboard data is copied by user {{Actor.Name}}."
- "Clipboard data is sent to target by user {{Actor.Name}}."
- "Clipboard data updated by user {{Actor.Name}}."
- "Clipboard data viewed by user {{Actor.Name}}."
- "Session closed due to error: {{AdditionalAttributes.error}}."
- "Session closed by user {{Actor.Name}} from the target."
- "Session closed by system after timing out."
- "Session closed by user {{Actor.Name}} after disconnection."
- "Session closed by user {{Actor.Name}} after disconnection."
- "Session terminated from the vault and closed by user {{Actor.Name}}."
- "Session for a secret launched by user {{Actor.Name}}."
- "Launched by user {{Actor.Name}} with Manual Credentials as {{Target.AdditionalAttributes.user_name}} to {{Target.Host.MachineName}}:{{Target.Host.Network.Port}} at {{Target.AdditionalAttributes.site_name}} using {{Target.AdditionalAttributes.protocol}}."
- "Launched by user {{Actor.Name}} from secret {{Target.Name}} ({{Target.Id}}) as {{Target.AdditionalAttributes.user_name}} to {{Target.Host.MachineName}}:{{Target.Host.Network.Port}} at {{Target.AdditionalAttributes.site_name}} using {{Target.AdditionalAttributes.protocol}}."
- "Launched by user {{Actor.Name}} with Use My Account to {{Target.Host.MachineName}}:{{Target.Host.Network.Port}} at {{Target.AdditionalAttributes.site_name}} using {{Target.AdditionalAttributes.protocol}}."
- "Templates retrieved by query by user {{Actor.Name}}."
- "Template deselected by user {{Actor.Name}}."
- "Templates selected by user {{Actor.Name}}."
- "Vault information updated by user {{Actor.Name}}."
- "Vault information viewed by user {{Actor.Name}}."

Deprecated Audit Events
- "Engine activated by user {{Actor.Name}}."
- "Engine created by user {{Actor.Name}}."
- "Engines retrieved by user {{Actor.Name}}."
- "Engine removed by user {{Actor.Name}}."
- "Engine upgraded by user {{Actor.Name}}."
- "Site created by user {{Actor.Name}}."
- "Sites retrieved by user {{Actor.Name}}."
- "Site removed by user {{Actor.Name}}."
- "Site updated by user {{Actor.Name}}."