Built-in Reports

Secret Server includes many pre-configured reports that you can run or use as templates for creating custom reports. Below are the reports shipped with current release of Secret Server:

Unless otherwise designated, reports listed are available in all editions. However, older releases may not include all reports listed here.

Activity

  • Active Secret Sessions: A list of all currently active Secret sessions.
  • Active Secret Sessions Count: Total of all currently active Secret sessions.
  • Custom Report Activity: Shows all custom report activity for a given date range. This report can be used to quickly verify custom report activity by all users.
  • Database Configuration Audit: Shows audited database configuration changes.
  • Distributed Engine Activity: The Distributed Engine Activity report shows the audit of all Engine-related activity.
  • Dual Control Audit: Shows audited Dual Control changes.
  • Engine Status: A list of all engines and their status.
  • Event Subscription Activity: Shows all event subscription activity for a given date range. This report can be used to quickly verify event subscription activity by all users.
  • Folder Activity: Shows all folder activity for a given date range. This report can be used to quickly verify folder activity by all users.
  • Heartbeat Status: Total of Heartbeat status for Pending, Success, and Failure.
  • Heartbeat Status by Day: Number of heartbeats status items record in Secret audit log.
  • Internal Communication Changes: Shows all internal communication changes.
  • IP Address Range Audit: Shows audited IP Address Range changes.
  • License Audit: Shows audited license changes.
  • RPC by Day: Count of remote password changes by day for distinct Secrets recorded in Secret audit log.
  • Secret Activity: Shows all Secret activity for a given date range. This report can be used to quickly verify Secret activity by all users.
  • Secret Activity Today: Shows all Secret activity for today. This report can be used to quickly verify Secret activity by all users.
  • Secret Activity Yesterday: Shows all Secret activity for yesterday. This report can be used to quickly verify Secret activity by all users.
  • Secret Template Activity: The Secret Template report shows the audit of all Secret Template related activity.
  • Session Recording Errors: Shows all session recordings within the last seven days more than five seconds long that encountered an error while being created.
  • Unlimited Administrator behavior: This report shows all actions performed by Unlimited Administrators during the specified date range, including any events outside the date range that were part of the Unlimited Administrator's session.
  • Users Activity: Shows all user activity for a given date range. This report can be used to quickly verify user activity by all users.

Discovery Scan

  • Discovery Scan Status: Shows the breakdown of machines that have been successfully scanned, existing machines that have not yet been successfully scanned, and machines that are in Active Directory but no longer exist. For detailed info on each part of the breakdown, view the other discovery reports.
  • GCP Discovery: What Instances do Service Accounts have access to?: Shows a list of GCP Service Accounts and which Instances they have access to.
  • What computers have been successfully scanned?: Shows all the computers that have been successfully scanned at some point in the past.
  • What computers that exist have not been successfully scanned?: Shows all computers that have not yet been successfully scanned. (For Active Directory, computers that have not connected to the domain in the last 3 months are excluded.)
  • What Secrets are pending import by Discovery?: Shows Secrets that have not been imported by Discovery yet and contain incomplete information.
  • What Secrets failed to import by Discovery?: Shows Secrets that were unable to be completely imported by Discovery. These Secrets may have incorrect passwords.

Folders

  • What folder permissions exist for groups?: Shows all the folders in the system along with their assigned or inherited group permissions. This report can be used to verify that all folders have the correct group permissions.
  • What folder permissions exist?: Shows all the folders in the system along with their assigned or inherited permissions. This report can be used to verify that all folders have the correct permissions.
  • What folders can a user see?: Shows the folders permissions for a particular user. This report is useful from an auditing perspective to ensure that a user is not able to access inappropriate folders.
  • What folders can all users see?: Shows the folders permissions for all users. This report is useful from an auditing perspective to ensure that users are not able to access inappropriate folders.

Groups

  • Group Membership: Shows all the groups in the system and who is a member of each. Use this report to verify group membership - this can be used to monitor both local groups and Active Directory groups.
  • Group Membership By Group: Shows all the members of the group. Use this report to verify group membership - this can be used to monitor both local groups and Active Directory groups.

Legacy Reports

  • Secret Expiration Health: The Secret Expiration Health report shows the number of Secrets in the system in various stages of expiration. This is a good indicator for the overall health of the Secrets in terms of age (frequently changed passwords are more secure).
  • Secret Server Usage: The Secret Server Usage report shows the number of Secret audit activity records (view, edit, sharing) by month over a period of time. This report is an indicator of overall usage of the system.
  • Secret Template Distribution: The Secret Template Distribution report shows the number of Secrets based on their Secret Template within the system. This typically indicates the types of information being stored.
  • Top Ten Viewers: The Top Ten Viewers shows the ten users who have viewed the most Secrets over a date period.

Password Compliance

  • Secret Password Compliance Statuses: This report displays all Secrets and their current password compliance validation status.
  • What Secrets Do Not Meet Password Requirements?: This report displays secrets with one or more password fields that do not meet the requirements.

Report Schedules

  • Report Schedules: Shows a list of all Report schedules. In order to edit a schedule, open the report and click the 'Schedule' button.

Roles and Permissions

  • What role assignments exist?: Shows the roles and which users have been assigned to the role and how (directly or through a group). This report can be used to quickly verify that all users have been assigned to the correct roles.
  • What role permission assignments exist?: Shows the assignment of permissions to users based on role assignments and group memberships. This report can be useful when auditing that permissions are assigned correctly.
  • What role permissions does a user have?: Shows the role permissions for a particular user and where they are getting the role permission from (group, role). This can be useful in diagnosing complex role assignments.

Secret Policy

  • What Folders have Policies assigned?: Shows all the folders and what Policy is assigned and whether it is inherited from a parent folder.
  • What Secrets have different Policies than their folders?: Shows all the Secrets that have a different Policy than their parent folder.
  • What Secrets have policies assigned?: Shows all the Secrets and what Policy is assigned and whether it is inherited from a parent folder.

Secrets

  • Secret Count per Site: Shows all the Sites and how many active Secrets are assigned to them.
  • Secret Dependency Failures: A list of all Secrets that have dependencies that have failed.
  • Secret Dependency Not Run: A list of all Secrets that have dependencies that have not been run yet.
  • Secret Dependency Overview: An overview of the statuses for all dependencies.
  • Secret Dependency Status: A list of all Secrets with dependencies and their status.
  • Secret Permissions Mismatch: Shows all Secrets with Inherit Permissions turned off when Default Inherit Permission is on.
  • Secret Templates without an expiration field?: Shows all the Secret Templates that have password fields that don't have an expiration field selected.
  • Secrets Failing Heartbeat: All Secrets that have currently failed Heartbeat.
  • Secrets Pending Heartbeat: A list of all Secrets that are pending heartbeat.
  • Secrets with Failed Password Change: Secrets that have failed password change during the time frame specified.
  • What file types have been uploaded to Secrets?: Shows the distribution of file types that have been uploaded to Secrets. Use this report to help tailor file attachment restrictions in configuration.
  • What file types have been uploaded to Secrets? (Pie Chart): Shows the top 10 file types that have been uploaded to Secrets. Use this report to help tailor file attachment restrictions in configuration.
  • What Secret permissions exist for a group?: Shows all the permissions on Secrets for the group along with where the Permission has been set. This report can be used to verify that a group has the correct permissions on Secrets.
  • What Secret permissions exist for a user?: Shows all the permissions on Secrets for the user along with where the Permission has been set. This report can be used to verify that a user has the correct permissions on Secrets.
  • What Secret permissions exist?: Shows all the permissions on Secrets in the system along with where the Permission has been set. This report can be used to verify that all Secrets have the correct permissions.
  • What Secrets are expiring this week?: Secrets that have passwords that will expire within the next 7 days.
  • What Secrets can a user see?: Shows the Secrets that are viewable by a particular user (user has view permission). This report is useful from an auditing perspective to ensure that a user is not able to access inappropriate Secrets.
  • What Secrets can all users see?: Shows the Secrets that are viewable by all users. This report is useful from an auditing perspective to ensure that users are not able to access inappropriate Secrets.
  • What Secrets changed passwords in the last 90 days?: Shows all the Secrets whose passwords have changed in the last 90 days, based on the Secret Template expiration field.
  • What Secrets Do Not Have Distributed Engines?: Shows all the secrets that do not have Distributed Engines.
  • What Secrets don't require approval?: Shows all the secrets that don't have approval for access enabled.
  • What Secrets have been accessed by a user?: Shows all the Secrets that have been accessed within the date range for the user. This report shows the last accessed date for each Secret for the user.
  • What Secrets have been accessed by an impersonated user?: Shows all the Secrets that have been accessed within the date range by an impersonated user through web services.
  • What Secrets have been accessed?: Shows all the Secrets that have been accessed within the date range. This report shows the user and last accessed date for each Secret.
  • What Secrets Have Distributed Engines?: Shows all the secrets that have Distributed Engines.
  • What Secrets have Expiration?: Shows the Secrets that have expiration with the Expiration Type (Template, Custom Interval, Custom Date), Expiration Interval and Expiration Date.
  • What Secrets have failed Heartbeat?: Shows all the secrets that have failed Heartbeat password verification. This report can be used to monitor all Heartbeat failures and why they failed.
  • What Secrets have not changed passwords for over 90 days?: Shows all the Secrets whose passwords have not changed in the last 90 days, based on the Secret Template expiration field.
  • What Secrets require approval?: Shows all the secrets that have approval for access enabled.
  • What Secrets require Comments?: Shows the Secrets that are wired to prompt for a comment before the user is allowed to view.
  • What SSH Command Menus do Secrets have?: View the SSH Command Menus that each Secrets have access to.

System Reports

  • Folder Permissions Report
  • Folder Secrets Report
  • Group Lookup Report
  • Permission Lookup Report
  • Privileged Behavior Analytics Configuration Activity
  • Role Permissions Report
  • User Access Report

User

  • Active Users Custom Report: This displays a user list with all active user activity on view and returns an user id. This defaults to the current logged in user.
  • Failed login attempts: Shows all failed login attempts to the Secret Server. This report can be used to show any attempts to compromise a user account.
  • Secret Template Permissions by User: Shows what permissions a user will have to either create a Secret of a specific Template or edit an existing Secret Template.
  • What SSH Command Menus do users have access to?: Shows what SSH Command Menus Users have access to.
  • What users have had an admin reset their password?: Shows any password resets performed on a user account by another user.
  • Who hasn't logged in within the last 90 days?: Shows user accounts that are not being used on a regular basis. Access by these users should be re-evaluated to determine if they really need access to the system.