SSH and SSL Audits and Reports

16 minutes to read
  1. Audits

    1.1 Viewing Audit Records

    1.2 Classified Audit Records

    1.3 Configuring SNMP traps and Syslog settings

    1.4 Key Audit Notifications

    1.5 Purging audit trails

  2. SSH and SSL Reports

    2.1 Viewing Reports

    2.2 Exporting Reports

    2.3 Selecting Reporting Period

    2.4 Creating Scheduled Tasks

1. Audits

PAM360 comes with an efficient auditing mechanism, which records all activities performed in the product. The audit trails capture information on 'who' performed 'what' operation and 'when'. While the Password users in PAM360 can only view the audit records for their actions, the administrators can view the audit records pertaining to all users.

1.1 Viewing Audit Records

The last five entries in the audits can be viewed instantly from the Operation Audit of the Keys Dashboard page. You can view the full audit records by navigating to Audit >> Keys/Certificate Audit. You can apply filters and selectively view the required records. By clicking on the search icon in the right top corner of the audit table, you can invoke text boxes to search and selectively view required records. The Certificates related audits of all the users will be available under Audit >> Certificate Audit. The Certificate Audit is not user-specific, which means the audits related to the certificates can be viewed by the administrator(s). Whereas Keys Audit, which is available under Audit >> Keys Audit contains both the Certificates and SSH Keys related audits is user-specific, which means only that particular user will have access to those audits.

Audit trails have been classified into the following categories:

  • Key Association Audit
  • Key Rotation Audit
  • Schedule Audit

1.2 Classified Audit Records in Respective Pages

  1. Navigate to SSH Keys >> Key Rotation Audit to view the records of all SSH key rotation operations executed from PAM360.
  2. Navigate to SSH Keys >> Key Association Audit to view the record of all SSH key association operations executed using PAM360.
  3. The Schedules tab contains audit trails related to various scheduled tasks created in PAM360, including scheduled key rotation and discovery, and report generation operation. To view, navigate to Admin >> SSH/SSL Config >> Schedules and click on the Schedule Audit icon in the top-right corner of the tab. You can even drill-down the task execution result.

1.3 Configuring SNMP Traps and Syslog Settings

You can configure PAM360 to send SNMP traps and/or Syslog messages to other management systems, for the various operations that take place within PAM360. To configure, navigate to Admin >> Integrations >> SNMP Traps/Syslog Settings. Here you need to provide basic information such as Hostname, Port to get the SNMP Traps or Syslog messages set up.

1.4 Key Audit Notifications

You can send notifications for key audit operations performed in PAM360 by navigating to Audit >> Key Audit >> Audit Actions >> Configure Keys Audit. Here, you will have the option to send the notifications as email, SNMP traps, or Syslog settings. You can choose which key-related operations you want to create an alert for and send the notifications to all administrators, all auditors or specific users and user groups.



1.5 Purging Audit Trails

By navigating to Audit Actions >> Purge Audit trails under Keys Audit/Certificate Audit, you can specify the number of days after which the audit records must be purged for various key-related operations such as operation, discovery, association, rotation, and schedule.


2. SSH and SSL Reports

PAM360 presents the information on the entire SSH key and SSL certificate management process in your enterprise in the form of comprehensive reports. The status and summaries of the different activities such as public key deployment, private key rotation, access to servers, list of all SSH users and their key association,list of SSL certificate, SSL validity, etc. are provided in the form of tables and graphs, which assist the IT administrators to make a well-informed decisions on SSH key and SSL certificate management.

2.1 Viewing Reports

You can view the reports from the Reports tab in the GUI. PAM360 provides the following reports:

SSH Reports

  1. Private Key Report – View a detailed report of the SSH keys generated or imported via PAM360.
  2. Private Key Rotation Report – View a detailed report of the SSH key rotations executed using PAM360.
  3. Public Key Deployment Report – View a detailed report of SSH keys that are deployed in the target systems.
  4. PGP Keys Report – View a detailed report of all the PGP keys stored and managed in PAM360.

SSL Reports

  1. SSL Certificate Report – View a detailed list of all SSL certificates imported, discovered, and created using PAM360.
  2. SSL Request Report – View a detailed report on all the certificate requests raised from PAM360.
  3. SSL Expiry Report – You can directly apply an expiry filter when selecting this report. A detailed report of the certificates with expiry information relevant to your selection, are displayed.
  4. Wildcard SSL Certificates Report - This report provides a detailed view of the wildcard SSL certificates in use and also the servers in which the certificates are deployed.
  5. Deployed Servers Report – This report provides a detailed view of those certificates that are deployed in more than one server.
  6. AD User Certificates Report – View a detailed list of all the certificates mapped to user accounts in Active Directory.
  7. SHA1 Certificates Report – This report provides a detailed view of all the SHA-1 certificates deployed in the organization.
  8. Deployment Report – This report provides information on the certificates deployed through PAM360.
  9. Let's Encrypt Report – Details on the status of certificate requests submitted to Let's Encrypt CA.
  10. Let's Encrypt Certificates Report – This report is a subset of SSL certificate report, that provides a detailed view of certificates procured from Let's Encrypt CA.
  11. SSL Vulnerability Report – This report provides detailed information on vulnerability scan performed on SSL certificates stored in PAM360 repository.
  12. Microsoft Certificate Authority Auto Renewal Report : This report provides details on attempted / successful auto-renewals of certificates issued by Local certificate authority, invoked from PAM360.
  13. Certificate Sign Report - This report provides a detailed list of certificates that are signed—either using Microsoft Certificate Authority or based on a root certificate—from Key Manager Plus.
  14. GlobalSign Orders Report – This report is a subset of SSL certificate report; it provides a detailed view of certificate orders requested from GlobalSign CA. Use the Date Filter to view orders within a particular time period. The contents of this report can be exported in the PDF, CSV formats or sent as an Email to the specified recipients.
  15. Certificate Renewal Report – This report provides details on attempted/successful auto-renewals of certificates issued by Local CA, certificates issued/renewed from third-party CA, Certificates issued by MSCA using agent and self-signed certificate renewal, invoked from PAM360.
  16. Buypass Go SSL Certificates report – This report provides details on the status of the certificate requests submitted to Buypass Go SSL CA. It displays vital details such as the Common Name, DNS Name, Issuer, Validity, and Creation time. Use the Date Filter to view orders submitted within a specific time period. You can export this report in PDF & CSV formats, or send via email to the specified recipients.
  17. ZeroSSL Certificates report – This report provides details on the status of the certificate requests submitted to the ZeroSSL CA. The attributes displayed in the report includes: Common Name, DNS Name, Issuer, Validity, and Creation time. Use the Date Filter to view orders submitted within a specific time period. You can export this report in PDF & CSV formats, or send via email to the specified recipients.
  18. MDM Certificates report – This report provides detailed information on the MDM certificates managed via PAM360. This report includes details such as: Common Name, Device Name, Issuer, Date of Expiry, Signature Algorithm, and Serial Number. Use the Show drop down to filter the report view based on the OS type. Use the Date Filter to view certificates imported within a specific time period. You can export this report in PDF & CSV formats, or send via Email to the specified recipients.
  19. Certificates Sync Status Report – This report provides a detailed view of the sync status of SSL certificates that are deployed to multiple servers through PAM360.
  20. Azure Certificate Report - This report provides detailed information on the certificates from the Azure portal that is managed via PAM360. This report contains details such as Certificate Name, Domain Name, Key Vault, Issuer, Expiry Date, Created Time, Valid From, and Lifetime Action. Use the Date Filter to view certificates imported within a specific time period. You can export this report in PDF & CSV formats or send it via Email to the specified recipients.
  21. Load Balancer Certificate Report - This report provides you with the list of certificates deployed to the load balancer with the relevant information such as Common Name, Server Name, Credential Name, Load Balancer Type, Services, Virtual Servers, and Last Synced. You can export this report in different formats available in the Export drop-down at the top.
  22. Azure Certificates Request Report - This report provides details on the status of the certificate requests submitted to Azure Key Vault. It displays important information such as Certificate Name, Domain Name, Key Vault, Issuer, Expiry Date, Created Time, Valid From, Last Updated, and Lifetime Action.
  23. AWS Certificate Request Report - This report provides details on the status of the certificate requests submitted to AWS-ACM. You can export this report in the available types with important information such as Domain Name, SAN, ARN, Ordered Time, ACM, Region, and Renewed On.
  24. AWS Certificate Report - This report provides detailed information on the certificates obtained from the AWS-ACM and managed via PAM360. Select the required report criteria from the Column Chooser before exporting the report in the desired format.
  25. MSCA Certificates Report - This report provides the entire list of SSL certificates provided by the Microsoft Certificate Authority and managed via PAM360. It displays important information such as Common Name, DNS Name, Issuer, Valid To, Key Size, Description, etc. Use the Column Chooser to display the required information and to export the report in the available formats.
  26. MSCA Revoke and Delete Report - This report list the certificates revoked and deleted by the MSCA. It displays information such as Common Name, Certificate Authority, Certificate Template, pki.msca.revokedBy, pki.msca.revokeReason, pki.msca.deletedOn, pki.msca.deleteStatus, etc. You can select the required criteria from the Column Chooser at the top pane before exporting the report in the desired type.
  27. Sectigo Certificate Report - This report provides the SSL certificates list imported from SCM or created by SCM and managed via PAM360. You can export this report in PDF & CSV formats or send it via Email to the specified recipients.
  28. Azure TLS Secret Reports - This report presents the Azure TLS secrets managed in PAM360. It provides details like Secret Name, Version ID, Key Vault Name, Validity, Secret Status, and more. Before exporting the report, you can choose the desired criteria from the Column Chooser located in the top pane. Additionally, you have the option to export reports for specific time periods using the Time Period icon next to the column chooser.
  29. ACME Requests Report - This report offers a comprehensive list of SSL certificate requests submitted to the accessible ACME providers, along with vital details, including Creation Time, Requested By, ACME Provider Name, Request Status, and Certificate Status. Utilize the Export drop-down menu for filtering reports specific to ACME providers and employ the desired option to save the report in various formats. For further refinement of your report search, you can leverage the Time Period option located in the top panel.
  30. ACME Certificates Report - This report provides the entire list of SSL certificates provided by the ACME providers with general information such as DNS Name, Issuer, Valid To, Signature Algorithm, ACME Provider Name, etc. To refine your report search, you can use the available Time Period option, available in the top pane. Use the drop-down menu to filter the reports relevant to the ACME providers, the Column Chooser to display the required information, and the Export drop-down menu to export the report in the available formats.

2.2 Exporting Reports

You can export the reports generated in PAM360 as a CSV or PDF and also email the reports.

To export a report:

  1. Select any report from those enumerated in the Reports tab in the GUI.
  2. Click the Export button in the top-right corner of the window.
  3. Select any of the options from the drop-down list.
    • PDF – Export the report as a PDF file to the system.
    • CSV – Export the report as a CSV file to the system.
    • Email – Export the report via mail. Specify the email addresses of the users you wish to provide the reports.

2.3 Selecting Reporting Period

You can apply date filters and generate reports for a specified time period alone. To filter the reports by date:

  1. Select any report (except SSH users report) from those enumerated in the Reports tab in the GUI.
  2. Click the Date filter in the top-right corner of the window.
  3. Specify the from and to date of the time period within which you wish to view reports.
  4. Click Save.

    5. Note : Use the Export feature with the Date Filter applied to export the data only reported within the time period specified.

2.4 Creating Scheduled Tasks for Automatic Report Generation

You can create scheduled tasks for generating reports automatically. The reports will also be emailed to you or to any number of recipients as required.

To schedule report generation:

  1. Navigate to Admin >> SSH/SSL Config >> Schedules.
  2. Click the Add Schedule button.
  3. In the Add Schedule window, enter a name for the schedule and select the type of schedule as Report.
  4. Select the report type. All the reports selected here will be sent via email.
  5. Specify the periodicity for report generation - hourly, daily, weekly, monthly or once only. Specify when you want to start the report generation operation. Set the starting time, date, or day corresponding to the option chosen.
  6. Enter the email addresses of the users you wish to provide the report.
  7. Click Save.

You will get a message confirming addition of a new schedule.
Top
Back to Top