Comparison of Secret Server Alerts, Events, Audits, and Logs

Alerts

  • Definition: Notifications sent to users or administrators when specific actions are performed or events occur within Secret Server.
  • Customization: Can be customized through Event Subscriptions to notify users about specific actions such as Secret Edit/Add/View, Role and Group Assignment changes, Secret expiration, Configuration changes, and Heartbeat failures.
  • Delivery: Typically sent via email and can be configured to have high priority.
  • Purpose: Provide real-time notifications to administrators and users about critical actions or changes, enabling them to respond promptly.

Events

  • Definition: Specific actions or occurrences within Secret Server that are recorded for auditing and logging purposes.
  • Logging: Events are logged and can be sent to external systems using Syslog and CEF (Common Event Format) for added security and compliance.
  • Types of Events: Can include system events, errors, warnings, user activities, and other operational data.
  • Purpose: Provide a detailed audit trail of activities within Secret Server, which is crucial for compliance, security monitoring, and troubleshooting.
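
As an added illustration of consuming the Syslog/CEF events described above on the receiving side (this is not Secret Server code or vendor-supplied tooling), the following parser handles the standard CEF header and extension escaping and picks out events at or above a severity threshold. The sample lines are constructed, and their vendor, version, signature IDs, event names and severities are placeholders rather than values taken from a real deployment.

```python
import re

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# Extension pairs: a value runs until the next " key=" token or end of line.
EXT_RE = re.compile(r"(\w+)=((?:\\=|[^=])*?)(?=\s+\w+=|\s*$)")

def parse_cef(line):
    """Return a dict for one syslog line carrying CEF, or None if malformed."""
    start = line.find("CEF:")
    if start < 0:
        return None
    body, fields, cur, i = line[start + 4:], [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])      # escaped backslash or pipe in header
            i += 2
        elif ch == "|":
            fields.append("".join(cur))  # unescaped pipe ends a header field
            cur, i = [], i + 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) < len(HEADER):
        return None                      # truncated header: do not guess
    event = dict(zip(HEADER, fields))
    event["ext"] = {k: v.replace("\\=", "=").replace("\\\\", "\\")
                    for k, v in EXT_RE.findall(body[i:])}
    return event

def at_or_above(lines, min_severity):
    """(name, suser) for parsed events whose numeric severity >= threshold."""
    hits = []
    for ev in filter(None, map(parse_cef, lines)):
        if ev["severity"].isdigit() and int(ev["severity"]) >= min_severity:
            hits.append((ev["name"], ev["ext"].get("suser")))
    return hits

# Constructed sample lines: vendor, version, IDs and names are placeholders.
SAMPLE = [
    r"<134>Jan 10 12:00:01 ss01 CEF:0|ExampleVendor|Secret Server|0.0|1001|SECRET VIEW|2|suser=alice src=10.0.0.5 msg=Viewed secret Prod DB root",
    r"<131>Jan 10 12:00:09 ss01 CEF:0|ExampleVendor|Secret Server|0.0|2002|HEARTBEAT FAILURE|7|suser=system msg=Heartbeat failed",
    r"<133>Jan 10 12:00:11 ss01 CEF:0|ExampleVendor|Secret Server|0.0|3003|ROLE\|GROUP ASSIGNMENT|5|suser=bob msg=role\=Admin added",
    r"<134>Jan 10 12:00:12 ss01 CEF:0|ExampleVendor|Secret Server|truncated",
]

if __name__ == "__main__":
    print(at_or_above(SAMPLE, 5))
```

Lines with a truncated header are dropped rather than partially parsed, so a collector built this way should count and report rejected lines separately to avoid silent gaps in the audit trail.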

Audits

  • Definition: Detailed records of actions taken on secrets, including who performed the action and when it occurred.
  • Access: The audit log for a secret can be accessed by clicking the View Audit button on the Secret View page or navigating from the User Audit report.
  • Details: Shows the date, username, action, and any other details about the event. Includes actions like adding, updating, removing secret dependencies, editing permissions, forced expiration, and more.
  • Purpose: Provide accountability and detailed records of changes or views on secrets, which is essential for security and compliance.

Logs

  • Definition: Records of system events and actions that occur while Secret Server is executing.
  • Types: Include system logs, which can be enabled to report different events occurring during execution and can help in troubleshooting unexpected behavior.
  • Parameters: System log parameters include maximum log length, notifications to administrators when the log is shrunk, and the ability to clear the log.
  • Purpose: Provide a comprehensive record of system events for troubleshooting, monitoring, and ensuring the system is functioning as expected.

Key Differences

  • Real-Time Notification vs. Detailed Records: Alerts provide real-time notifications, while events, audits, and logs provide detailed records of actions and system events.
  • Customization: Alerts can be customized through Event Subscriptions, while audits and logs are automatically recorded based on system activities.
  • Purpose: Alerts are for immediate action, events and audits are for compliance and monitoring, and logs are for troubleshooting and system monitoring.