Previous Topic: Audit Privileged AccountsNext Topic: View Audit Events on a SAM Endpoint


Search Attributes for Auditing Privileged Accounts

To review tasks that have been submitted for processing, you can use the search feature in Audit Privileged Accounts. You can search for tasks that are based on the following criteria:

User ID

Identifies the name of the user who has initiated a task as the search criteria. Searches are based on the user name.

Approver

Identifies the name of the task approver as the search criteria. Searches are based on the user name.

Account Name

Identifies the shared account name as the search criteria. For example, root on UNIX, Administrator on Windows, and sa on SQL Server.

Host Name

Identifies the host name as the search criteria. You can refine the search by specifying conditions such as equals, contains, starts with, or ends with the value of the Where task name field. For example, you can specify the search criteria "host name starts with ENTM*" by selecting the starts with condition, and entering ENTM* in the text field.

Endpoint Type

Identifies the endpoint type as the search criteria. You can refine the search by specifying conditions such as equals, contains, starts with, or ends with the value of the Where endpoint type field. For example, you can specify the search criteria "endpoint type equals Windows Agentless" by selecting the equals condition, and entering Windows Agentless in the text field.

Endpoint Name

Identifies the endpoint name as the search criteria. You can refine the search by specifying conditions such as equals, contains, starts with, or ends with the value of the Where Endpoint Name field. For example, you can specify the search criteria "endpoint name equals exampleHost" by selecting the equals condition, and entering exampleHost in the text field.

Event Name

Identifies the event name as the search criteria. Refine the search by specifying the following event type from the drop-down list:

Event Status

Identifies an event status as the search criteria. Refine the search by specifying the following event status from the drop-down list:

Task Status

Identifies task status as the search criteria. Refine the search by selecting the following task status from the drop-down list:

Task Priority

Identifies task priority as the search criteria. Refine the search by selecting the following task priority from the drop-down list:

Low

Specifies that you can search for tasks that have a low priority.

Medium

Specifies that you can search for tasks that have a medium priority.

High

Specifies that you can search for tasks that have a high priority.

More information:

Task Status Description

Task Status Description

A submitted task exists in one of the following states. Based on the state of the task, you can perform actions such as cancelling or resubmitting a task.

Note: To cancel or resubmit a task, configure View Submitted Tasks to display the cancel and resubmit buttons that are based on the task status.

In progress

Displayed in any of the following situations:

You can cancel a task in this state.

Note: Cancelling a task cancels all the incomplete nested tasks and events for the current task.

Cancelled

Displayed when you cancel any of the tasks or events in progress.

Rejected

Displayed when CA ControlMinder Enterprise Management rejects an event or task that is part of a work flow process. You can resubmit a rejected task.

Note: When you resubmit a task, CA ControlMinder Enterprise Management resubmits all the failed or rejected nested tasks and events.

Partially Completed

Displayed when you cancel some of the events or nested tasks. You can resubmit a partially completed event or nested task.

Completed

Displayed when a task is completed. A task is completed when the nested tasks and nested events of the current task are completed.

Failed

Displayed when a task, a nested task, or an event nested in the current task is invalid. This status is displayed when the task fails. You can resubmit a failed task.

Scheduled

Displayed when the task is scheduled to execute later. You can cancel a task in this state.