View Audit Events on a SAM Endpoint

Enterprise Administration Guide › Managing Shared Accounts › Audit Privileged Accounts › View Audit Events on a SAM Endpoint

View Audit Events on a SAM Endpoint

If you integrate your SAM endpoints with CA User Activity Reporting, you can record audit events on the endpoints for each privileged account session. The audit events are collected in CA User Activity Reporting reports, which you can view from CA ControlMinder Enterprise Management. The reports let you track the actions that a privileged account performs after a user checks out the account.

You can view CA User Activity Reporting reports only for CheckOutAccountPasswordEvent or CheckInAccountPasswordEvent events.

To view audit events on a SAM endpoint

In CA ControlMinder Enterprise Management, click Privileged Accounts, Audit.
The Audit Privileged Accounts task appears in the list of available tasks.
Select Audit Privileged Accounts.
The Audit Privileged Accounts task opens.
Specify the search criteria, enter the number of rows to display, and click Search.
The tasks that satisfy your search criteria appear.
For the selected task, click the icon in the Session Details column in the Audit Privileged Account page.
Note: The icon appears only for CheckOutAccountPasswordEvent or CheckInAccountPasswordEvent events.

The CA User Activity Reporting report appears. The report contains the audit events for the privileged account session that you selected.
Click Preview.
The report closes and CA ControlMinder Enterprise Management displays the Audit Privileged Account page with the tasks list.

More information:

Auditing Events on SAM Endpoints

How to Integrate SAM Endpoints with CA User Activity Reporting