Audit and Reports
1. Audit
1.2 Classified Audit Records in Respective Pages
2. Reports
2.1 View Reports
2.1.1 SSL Reports
2.1.2 Public CA Reports
2.1.3 SSH Reports
2.1.4 Common Reports
2.2 Export Reports
1. Audit
Key Manager Plus comes with an efficient auditing mechanism, which records all activities performed in the product. The audit trails capture information on 'who' performed 'what' operation and 'when'. Only the administrators in Key Manager Plus can view the audit records pertaining to all users. The operators can only view the records pertaining to them.
1.1 View Audit Records
You can view the audit records in the Audit tab of the GUI. You can apply filters and selectively view the required records. Click the Search icon present in the right hand corner of the audit table to apply filters.
Audit trails have been classified into the following categories:
- Operation Audit – View the record of all operations executed from the Key Manager Plus interface.
- Discovery Audit – View the record of all SSH resource and SSL certificate discovery instances initiated using Key Manager Plus.
- Schedule Audit – View the record of any schedules executed using Key Manager Plus.
- Key Association Audit – View the record of all SSH key association operations executed using Key Manager Plus.
- Key Rotation Audit – View the record of all SSH key rotation operations executed using Key Manager Plus.
- User Audit – View the record of all user authentications to the Key Manager Plus.
Playback Remote Terminal Access
When users launch remote access to SSH terminals, Key Manager Plus captures the operations performed and commands used. Key Manager Plus administrators can playback the sessions and view them for forensic analysis. Such direct terminal connections are classified as "Terminal" in the operation type of audit records.
To playback the terminal access:
- Navigate to the Audit tab in the GUI.
- Click the Terminal link under the operation type.
The recorded SSH session opens in a new window.
1.2 Classified Audit Records in Respective Pages
- The last ten entries in the audits can be viewed instantly from the Operation Audit - Live Feed in the Dashboard page.
- View the records pertaining to any scheduled or on-demand SSH discovery execution from the Discovery Audit in the top-right corner of the Discovery tab. When you click the name of any host or IP address, you will be redirected to the Discovery Status page where the status of discovery is updated. Also, you can export the audit records and send that as email by clicking the Export icon on the top right corner of the Discovery Status page.
- Records related the operations such as key association with users and rotation of keys are captured separately in the SSH >> SSH Keys tab. Click Key Association Audit and Key Rotation Audit in the top-right corner of the SSH keys >> SSH Keys tab to view the records. You can even drill-down the respective operations by clicking the names.
- Audit trails related to various scheduled tasks created in Key Manager Plus, including scheduled key rotation and discovery, and report generation operations can be viewed from the Schedules tab. Click Schedule Audit in the top-right corner of the Schedule tab. You can even drill-down the task execution result.
2. Reports
Key Manager Plus presents the information on the entire SSH key and SSL certificate management process in your enterprise in the form of comprehensive reports. The status and summaries of the different activities such as public key deployment, private key rotation, access to servers, list of all SSH users and their key association,list of SSL certificate, SSL validity, etc. are provided in the form of tables and graphs, which assist the IT administrators to make a well-informed decisions on SSH key and SSL certificate management.
2.1 Reports Available in Key Manager Plus
You can view the reports from the Reports tab in the GUI. Key Manager Plus provides the following reports:
2.1.1 SSL Reports
- SSL Certificate Report – View a detailed list of all SSL certificates imported, discovered, and created using Key Manager Plus.
- SSL Request Report – View a detailed report on all the certificate requests raised from Key Manager Plus.
- SSL Expiry Report – You can directly apply an expiry filter when selecting this report. A detailed report of the certificates with expiry information relevant to your selection, is displayed.
- Wildcard SSL Certificates Report - This report provides a detailed view of the wildcard SSL certificates in use and also the servers in which the certificates are deployed.
- Deployed Servers – This report provides a detailed view of those certificates that are deployed in more than one server.
- Certificates Sync Status Report - This report provides a detailed view of the sync status of SSL certificates that are deployed to multiple servers through Key Manager Plus.
- AD User Certificates Report – View a detailed list of all the certificates mapped to user accounts in Active Directory.
- Certificate Sign report – This report provides a detailed list of certificates that are signed—either using Microsoft Certificate Authority or based on a root certificate—from Key Manager Plus.
- SHA-1 Certificates Report – This report provides a detailed view of all the SHA-1 certificates deployed in the organization.
- Deployment Report – This report provides information on the certificates deployed through Key Manager Plus.
- SSL Vulnerability Report – This report provides detailed information on vulnerability scan performed on SSL certificates stored in Key Manager Plus repository.
- Certificate Renewal Report – This report provides details on attempted / successful auto-renewals of certificates issued by Local CA, certificates issued/renewed from third-party CA, Certificates issued by MSCA using agent and self-signed certificate renewal, invoked from Key Manager Plus.
- AWS Certificate Report – This report provides detailed information on the certificates obtained from the AWS-ACM and managed via Key Manager Plus. Select the required report criteria from the Column Chooser before exporting the report in the desired format.
- AWS Certificate Request Report – This report provides details on the status of the certificate requests submitted to AWS-ACM. You can export this report in the available types with important information such as Domain Name, SAN, ARN, Ordered Time, ACM, Region, and Renewed On.
- Azure Certificates report - This report provides detailed information on the certificates from the Azure portal that are managed via Key Manager Plus. This report contains details such as Certificate Name, Domain Name, Key Vault, Issuer, Expiry Date, Created Time, Valid From, Last Updated, and Lifetime Action. Use the Date Filter to view certificates imported within a specific time period. You can export this report in PDF & CSV formats, or send it via email to the specified recipients.
- Azure Certificate Requests report - This report provides details on the status of the certificate requests submitted to Azure Key Vault. It displays important information such as Certificate Name, Domain Name, Key Vault, Issuer, Expiry Date, Created Time, Valid From, Last Updated, and Lifetime Action.
- Kubernetes TLS Secrets Report -
- Load Balancer Certificate Report – This report provides you with the list of certificates deployed to the load balancer with the relevant information such as Common Name, Server Name, Credential Name, Load Balancer Type, Services, Virtual Servers, and Last Synced. You can export this report in different formats available in the Export drop-down at the top.
- Azure TLS Secret Reports - This report presents the Azure TLS secrets managed in Key Manager Plus. It provides details like Secret Name, Version ID, Key Vault Name, Validity, Secret Status, and more. Before exporting the report, you can choose the desired criteria from the Column Chooser located in the top pane. Additionally, you have the option to export reports for specific time periods using the Time Period icon next to the column chooser.
- MDM Certificates report – This report provides detailed information on the MDM certificates managed via Key Manager Plus. This report includes details such as: Common Name, Device Name, Issuer, Date of Expiry, Signature Algorithm, and Serial Number. Use the Show drop down to filter the report view based on the OS type. Use the Date Filter to view certificates imported within a specific time period. You can export this report in PDF & CSV formats, or send it via email to the specified recipients.
- MSCA Revoke and Delete Report – This report list the certificates revoked and deleted by the MSCA. It displays information such as Common Name, Certificate Authority, Certificate Template, pki.msca.revokedBy, pki.msca.revokeReason, pki.msca.deletedOn, pki.msca.deleteStatus, etc. You can select the required criteria from the Column Chooser at the top pane before exporting the report in the desired type.
- MSCA Certificates Report – This report provides the entire list of SSL certificates provided by the Microsoft Certificate Authority and managed via Key Manager Plus. It displays important information such as Common Name, DNS Name, Issuer, Valid To, Key Size, Description, etc. Use the Column Chooser to display the required information and to export the report in the available formats.
- Jenkins Access Report - This report generates a list of CSR/certificates created or downloaded from Key Manager Plus via the Jenkins plugin.
- Private CA Reports - The Private CA Reports in Key Manager Plus provide users with comprehensive insights into certificates signed by Private CAs, encompassing both end-user and intermediate certificates. This report includes essential details such as Common Name, DNS Name, Issuer, Valid To, Signature Algorithm, Key Size, and Key Algorithm. Users can customize the report by enabling options such as 'Show Primary Private CAs Only' to display only the Private CAs whose intermediate certificates are signed by the root or 'Display only certificates directly signed by the selected Private CA' to exclude certificates signed by further CAs whose holding an intermediate certificate from the selected Private CA. The Time Period option in the top pane allows users to refine their search based on specific timeframes, while the Column Chooser provides flexibility in displaying relevant information. Additionally, users can export the report in various formats using the Export drop-down menu, enhancing usability and compatibility.
2.1.2 Public CA Reports
- Let's Encrypt Request Report – This report is a subset of SSL certificate report, that provides a detailed view of certificates procured from Let's Encrypt CA.
- Let's Encrypt Certificate Report – Details on the status of certificate requests submitted to Let's Encrypt CA.
- Buypass Go SSL Request Report - Details the insights of all the SSL certificate requests submitted to Buypass Go SSL CA.
- Buypass Go SSL Certificates Report – This report provides details on the status of the certificate requests submitted to Buypass Go SSL CA. It displays vital details such as the Common Name, DNS Name, Issuer, Validity, and Creation time. Use the Date Filter to view orders submitted within a specific time period. You can export this report in PDF & CSV formats, or send it via email to the specified recipients.
- ZeroSSL Requests Report - Details the insights of all the SSL certificate requests submitted to ZeroSSL CA.
- ZeroSSL Certificates Report – This report provides details on the status of the certificate requests submitted to the ZeroSSL CA. The attributes displayed in the report includes: Common Name, DNS Name, Issuer, Validity, and Creation time. Use the Date Filter to view orders submitted within a specific time period. You can export this report in PDF & CSV formats, or send it via email to the specified recipients.
- ACME Requests Report - This report offers a comprehensive list of SSL certificate requests submitted to the accessible ACME providers, along with vital details, including Creation Time, Requested By, ACME Provider Name, Request Status, and Certificate Status. Utilize the Export drop-down menu for filtering reports specific to ACME providers and employ the desired option to save the report in various formats. For further refinement of your report search, you can leverage the Time Period option located in the top panel.
- ACME Certificates Report - This report provides the entire list of SSL certificates provided by the ACME providers with general information such as DNS Name, Issuer, Valid To, Signature Algorithm, ACME Provider Name, etc. To refine your report search, you can use the available Time Period option, available in the top pane. Use the drop-down menu to filter the reports relevant to the ACME providers, the Column Chooser to display the required information, and the Export drop-down menu to export the report in the available formats.
- GoDaddy Orders Report - This reports details the insights of all the SSL certificate requests submitted to GoDaddy with vital information.
- The SSL Store Orders Report - This report details the insights of all the SSL certificate requests submitted to The SSL Store.
- DigiCert Orders Report - This report details the insights of all the SSL certificate requests submitted to DigiCert.
- GlobalSign Orders Report – This report is a subset of SSL certificate report; it provides a detailed view of certificate orders requested from GlobalSign CA. Use the Date Filter to view orders within a particular time period. The contents of this report can be exported in the PDF, CSV formats or sent as an Email to the specified recipients.
- Sectigo Certificate Report – This report provides the SSL certificates list imported from SCM or created by SCM and managed via Key Manager Plus. You can export this report in PDF & CSV formats or send it via Email to the specified recipients.
- Entrust Orders Report - This report provides provides the insights of all the SSL certificate requests submitted to Entrust CA.
- emSign Orders Report - This report details the insights of all the SSL certificate requests submitted to emSign CA.
2.1.3 SSH Reports
- SSH Resource Report – View a detailed report of the SSH resources discovered using Key Manager Plus.
- Landing Servers Report – View a list of landing servers configured in Key Manager Plus along with information such as primary and secondary server IP address, user account details and configuration time.
- Private Key Report – View a detailed report of the SSH keys generated or imported via Key Manager Plus.
- Private Key Rotation Report – View a detailed report of the SSH key rotations executed using Key Manager Plus.
- Public Key Deployment Report – View a detailed report of SSH keys that are deployed in the target systems.
- Server Access Report– View the information on 'who' accessed 'what' servers using Key Manager Plus.
- SSH Users Report – View the list of SSH users enumerated from the discovered resources.
2.1.4 Common Reports
- All Keys report – View a detailed report of all the SSH private keys, digital keys, and SSL certificates available in the Key Manager Plus repository.
- Audit Report – View the list of all audit trails generated in the product.
- User Access Report – View a detailed report of all the user login and logout events in Key Manager Plus.
- Key Vault Report – View a detailed report of all the digital keys stored in the Key Manager Plus' Key Vault.
- PGP Keys Report – View a detailed report of all the PGP keys stored and managed in the Key Manager Plus' Key Vault.
2.2 Exporting Reports
You can export the reports generated in Key Manager Plus as a CSV or PDF and also email the reports.
To export a report:
- Select any report from those enumerated in the Reports tab in the GUI.
- Click the Export button in the top-right corner of the window.
- Select any of the options from the drop-down list.
2.3 Configuring Report Period
You can apply date filters and generate reports for a specified time period alone. To filter the reports by date:
- Select any report (except SSH users report) from those enumerated in the Reports tab in the GUI.
- Click the Date filter in the top-right corner of the window.
- Specify the from and to date of the time period within which you wish to view reports.
- Click the Save button.
Note: Use the Export feature with the Date Filter applied to export the data only reported within the time period specified.
2.4 Creating Scheduled Tasks for Automatic Report Generation
You can create scheduled tasks for generating reports automatically. The reports will also be emailed to you or to any number of recipients as required.
To schedule report generation:
- Click the Schedule tab in the GUI.
- Click the Add Schedule button.
- In the Add Schedule window, enter a name for the schedule and select the type of schedule as Report.
- Select the report type. All the reports selected here will be sent via email.
- Specify the periodicity for report generation - hourly, daily, weekly, monthly or once only. Specify when you want to start the report generation operation. Set the starting time, date, or day corresponding to the option chosen.
- Enter the email addresses of the users you wish to provide the report.
- Click the Save button.
You will get a message confirming addition of a new schedule.