View Audit Events on a PUPM Endpoint

Enterprise Administration Guide › Managing Privileged Accounts › Audit Privileged Accounts › View Audit Events on a PUPM Endpoint

View Audit Events on a PUPM Endpoint

If you integrate your PUPM endpoints with CA Enterprise Log Manager, you can record audit events on the endpoints for each privileged account session. The audit events are collected in CA Enterprise Log Manager reports, which you can view from CA Access Control Enterprise Management. The reports let you track the actions that a privileged account performs after a user checks out the account.

You can view CA Enterprise Log Manager reports only for CheckOutAccountPasswordEvent or CheckInAccountPasswordEvent events.

To view audit events on a PUPM endpoint

In CA Access Control Enterprise Management, click Privileged Accounts, Audit.
The Audit Privileged Accounts task appears in the list of available tasks.
Select Audit Privileged Accounts.
The Audit Privileged Accounts task opens.
Specify the search criteria, enter the number of rows to display, and click Search.
The tasks that satisfy your search criteria appear.
For the selected task, click the icon in the Session Details column in the Audit Privileged Account page.
Note: The icon appears only for CheckOutAccountPasswordEvent or CheckInAccountPasswordEvent events.

The CA Enterprise Log Manager report appears. The report contains the audit events for the privileged account session that you selected.
Click Preview.
The report closes and CA Access Control Enterprise Management displays the Audit Privileged Account page with the tasks list.

More information:

Auditing Events on PUPM Endpoints

How to Integrate PUPM Endpoints with CA Enterprise Log Manager

Tell Technical Publications how we can improve this information