Auditing Overview

Secret Server provides comprehensive auditing features to help organizations meet regulatory requirements and ensure security compliance. Here is an overview of the auditing capabilities in Secret Server:

Local Auditing

Secret Server locally audits all actions taken within the system.

  • Auditable events include secret access, configuration changes, and user activities.

  • Various user permissions are tailored for specific kinds of audits, such as viewing secret audits, user audits, and configuration audits.

  • Local audit records can be accessed through the Reports tab and specific audit buttons on configuration pages.

Enhanced Auditing, Reporting, and Compliance

  • Audit Reports: Generate reports to see all actions taken by a user or on a secret within a specified date range.

  • Dual Control: Requires two people to access sensitive reports or recordings, enhancing security by implementing the "four eyes principle."

  • Event Subscriptions: Customizable alerts that notify users or administrators when specified actions occur, such as secret edits or heartbeat failures.

  • Scheduled Reports: Set up reports to be generated and sent via email on a regular schedule.

  • Custom Reports: Create custom reports with database queries, including charts and rollup graphs for visualization.

  • FIPS Compliance: Enable FIPS 140-2 compliant algorithms to meet U.S. Federal standards for cryptography.

  • Privileged Behavior Analytics: Detect anomalies in privileged account behavior to preemptively address potential cyber threats.

Exporting and Importing Settings

  • Secret Server allows exporting and importing settings, with audits recorded for each setting category that is exported or imported.

  • Errors and resolutions are logged, and detailed logs are available for troubleshooting.

Alerts, Auditing, Events, and Logs

  • Secret Server records specific events and can send alerts when they happen.

  • Logs are maintained for various activities, providing a detailed trail of actions for auditing and compliance purposes.

Accessing Audit Records

  • Local Reports: Access out-of-the-box and custom reports.

  • Windows Event Log: Configure Secret Server to send audit logs to the Windows Event Log for local auditing and troubleshooting.

  • Configuration Audit: View individual setting audits on the Configuration Audit page.

User Permissions for Auditing

  • View Secret Audit: Allows viewing of secret audit logs.

  • View User Audit Report: Allows viewing of user audit reports.

  • Add Secret Custom Audit: Allows making custom audit entries via the web services API.

  • User Audit Expire Secrets: Allows viewing and forcing expiration of secrets accessed by a user.