Previous Topic: SAM Feeder Audit RecordsNext Topic: How to Integrate SAM Endpoints with CA User Activity Reporting


Auditing Events on SAM Endpoints

CA ControlMinder Enterprise Management records audit data for events that occur on the Enterprise Management Server. If you integrate your SAM endpoints with CA User Activity Reporting, you can also record audit events on the endpoints for each privileged account session.

After a user checks out a privileged account and uses the account to log in to an endpoint, the integration lets you track the actions that the privileged account performs on the endpoint. These actions are recorded in audit events, which are collected in CA User Activity Reporting reports. You can view these CA User Activity Reporting reports in CA ControlMinder Enterprise Management.

For example, you want to review the actions that a user performed after they checked out an account named privileged1. You use the Audit Privileged Accounts task in CA ControlMinder Enterprise Management to find the audit record for the privileged1 account checkout. You then drill down from this audit record and view a CA User Activity Reporting report of the activities that the privileged1 account performed on the endpoint, for example, opening and closing programs.

More information:

View Audit Events on a SAM Endpoint