Viewing Security Object Data in the Investigator › Security Events › Account Administration

Account Administration

The Investigator displays the following searchable account administration event records:

Successful Account Administration

Includes a record for each time a user account is modified.

Event Code: 31

Account Administration Violation

Includes a record for each time a user tries but is denied when modifying a user account.

Event Code: 32

Note: For a comprehensive list of security events and the event triggers, see the security events chapter in your external security manager documentation.

Example: Identify account administration violations

Your company is looking for efficiencies to maximize productivity. You are tasked with identifying the number of account administration violations in 2012. After you identify them, you can identify the common reasons (poor training, user error, and so on). You can then begin to educate your users about their scope of access. Additionally, you can also identify users attempting to bypass system security.

1. Add the Investigator module to your dashboard, and click Start New Investigation.
2. Select Security from the drop-down list.
3. Select Events, Account Administration from the folder list.
4. Click View Filter (magnifying glass icon).
5. Filter the data by completing the following steps:
   1. Select Event Category Description from the first drop-down list from the center pane.
   2. Select contains from the second drop-down, and type Violation.
   3. Click the plus icon.
   4. Select Security Product from the first drop-down list from the center pane.
   5. Select contains from the second drop-down list, and type ACF.
   6. Specify the time range from 1/1/12 to 12/31/12.
   7. Click Search.

   Your account administration violations for 2012 appear for the specified system.