Reports
The information on the entire password management process in your enterprise is presented in the form of comprehensive reports in PAM360. The status and summaries of the different activities such as password inventory, policy compliance, password expiry, user activity etc. are provided in the form of tables and graphs, which assist the IT administrators in making well-informed decisions on password management.
PAM360 provides about fourteen canned reports classified under four types. In addition, there is provision to create custom reports.
The following types of reports are available in PAM360:
- Canned Reports
1.1 Password Reports
1.2 User Reports
1.3 General Reports
- Custom Reports
1. Canned Reports
PAM360 provides four types of canned reports:
1.1 Password Reports
All details related to device properties such as hardware properties, firmware details, audit details of the devices, etc., are presented using Password reports. To access Password reports:
- Navigate to Reports >> Password Reports.
- You will see multiple report types under this report category. The following table describes each report type in detail:
1.2 User Reports
1.3 General Reports
1.4 Compliance Reports
Report Name | What does it Convey | Additional Information |
---|---|---|
PCI DSS Compliance Report The PCI DSS stands for Payment Card Industry Data Security Standard. It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It represents a set of rules that need to be adhered to by businesses that process credit cardholder information, to ensure data is protected. The PCI Data Security Standard is comprised of 12 general requirements designed to:
This standard is governed by PCI Security Standards Council https://www.pcisecuritystandards.org/ |
This reports the violations in your network from the requirements of Payment Card Industry (PCI) Data Security Standard (DSS), relevant to the use and management practices of shared administrative, software and service account passwords of various systems. PCI DSS requirements 2,3,7,8,10 & 12 are covered in this report. Note: Requirements 1, 2, 3, 4, 5, 7, 8, 10 & 12 are covered in the PCI DSS report of version 4.0. This is only applicable from build 7200 onwards. Note: In order to adhere to "all" the requirements of the PCI DSS standard completely, you will need other tools and security procedures to be implemented. |
You have the option to generate separate compliance reports for each PCI DSS requirement 2,3,7,8,10 & 12. You can also generate a consolidated PCI DSS report too. This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation. |
ISO/IEC 27001 Compliance Report ISO/IEC 27001 is a specification developed to "provide a model for establishing, operating, monitoring, reviewing, maintaining, and improving an information security management system (ISMS). Simply put, ISO 27001 is a robust framework that helps you protect information such as financial data, intellectual property or sensitive customer information. The standard also stresses on the selection of adequate security controls that help protect information assets. In all, ISO 27001 has ten short clauses and also an Annex A. The Annex A alone specifies numerous control frameworks. Among them, A.9 deals with "Access Control." The clause basically requires the use of
|
This report communicates an organization's compliance level in relation to the control requirements as outlined in the clause A.9. The compliance will be based on various factors such as stringent password policies for privileged accounts in the enterprise, authentic audit records, strong authentication mechanisms, secure privileged access, and data security levels. A consolidated ISO/IEC 27001 compliance report will include information about the controls listed under A.9.1, A.9.1.1, A.9.1.2, A.9.2, A.9.2.1, A.9.2.2, A.9.2.3, A.9.2.4, A.9.2.5, A.9.2.6, A.9.3, A.9.3.1, A.9.4, A.9.4.1, A.9.4.2 and A.9.4.3. There are also option to generate separate compliance reports for requirements listed under each sections given above. |
|
NERC CIP Compliance Report The NERC CIP standards is a set of requirements designed to ensure the security and reliability of the power systems. The North American Electric Reliability Corporation (NERC) introduced the Critical Infrastructure Protection (CIP) standards mainly to protect the critical assets such as electric utilities generation and transmission systems in the power grid. Broadly, NERC CIP has nine sections that cover various physical, virtual, and organizational measures that must be enforced to secure the bulk power system. In particular, the clauses CIP-004-3a, CIP-005-3a, and CIP-007-3a mandate.
|
This reports shows an organization's level of compliance with select requirements of clauses CIP-004-3a, CIP-005-3a, and CIP-007-3a. The report will help auditors understand the various security measures implemented in the concerned organization, such as privileged access control policies, authentication checks for privileged users, user activity auditing, privileged session recording & monitoring, and password policy enforcement. Apart from a consolidated NERC CIP report, there are also options to generate separate compliance reports for requirements specific to each clauses, i.e. CIP-004-3a, CIP-005-3a, and CIP-007-3a. |
This reports can be generated in the form of PDF or spreadsheet and can also be emailed to required recipients. Click the links "Export to PDF"/Export to XLS and "Email this Report" to do the required operation. These compliance reports help address requirements only in select clauses of each security standards. In order to adhere to "all" the requirements of NERC CIP, other tools and security procedures should be implemented. |
NIS2 Compliance Report The NIS2 directive outlines over 140+ requirements that aim to strengthen cybersecurity and ensure the resilience of essential services in diverse sectors. These requirements can be broadly categorized as follows:
|
The NIS2 compliance report highlights key areas like enforcing strict privileged access controls, ensuring secure credential management, and continuous monitoring of privileged activities. It emphasizes the importance of implementing least-privilege policies, securing supply chain access, and maintaining detailed audit trails to meet the directive’s cybersecurity requirements. Compliance ensures that privileged accounts in critical systems are properly managed and protected, reducing the risk of breaches and improving overall security posture. These requirements emphasize a holistic approach to cybersecurity, ensuring that organizations maintain a proactive, resilient stance against both internal and external threats while promoting collaboration and compliance across their supply chains and workforce. |
These reports can be generated in the form of PDF or spreadsheet and can also be emailed to required recipients. Click the links Export to PDF/Export to XLS/Email this Report to do the required operation. These compliance reports help to address requirements only in a few NIS2 directives. To adhere to all the directive requirements of NIS2, other tools and security procedures should be implemented. |
1.5 Scheduling Report Generation
All reports can be scheduled to be generated at periodic intervals. The reports thus generated can be sent via email to required recipients. To create a schedule for any report:
- Navigate to Reports tab.
- Click the link Schedule Report available under the name of each report.
- In the pop-up form that opens, select the required schedule from the provided terms - Days / Monthly / Once / Never.
- Next, enter the date / time at which the schedule has to commence.
- Choose the format in which the report has to be mailed to the recipients, PDF or XLS or both.
- Select the recipients to whom the report should be mailed to, from the given options.
- You can also enter the list of email ids to which the report has to be emailed.
- Click Schedule.
The result of the scheduled task created here are audited and can be viewed from the Task Audit section.
1.6 Steps to Terminate an Existing Schedule
- Click the link Schedule Report available under the name of report (for which the schedule has to be terminated).
- In the window that opens, select the option Never.
- Click Schedule. The schedule will be terminated.
2. Custom Reports
You can create customized reports out of the four canned reports (Password Inventory, Password Compliance, Password Expiry and Password Integrity) and two audit reports (Resource Audit and User Audit). You can specify certain criteria and create customized reports as per your needs.
The custom reports have been designed to bring out specific information from the PAM360 database as per your needs. The canned reports provide a snapshot of details in general. On the other hand, you can create a custom report out of this canned report to get specific details.
Examples
Example: 1
For instance, let us take the case of creating a custom report out of Password Inventory Report. Assume that you want to get a report on the resources owned by 'User A' in 'Network Administration' department. You can create a custom report from the 'Password Inventory Report' by specifying the criteria as Resources from 'Department' 'Network Administration' AND 'Owner' name as 'User A'.
The real power of the custom reports lies in the fact that you can specify criteria expression and cull out information catering to your more specific needs.
Example: 2
Assume that your need is to take a list of all the sensitive passwords belonging to the resource types Windows and Windows Domain, Linux and Cisco, owned by a particular administrator - say John. Also, you want to get details on the share permissions for those passwords - with whom the passwords have been shared.
Here, the following are the conditions:
- Sensitive accounts with names 'administrator' on Windows and Windows Domain, 'root' on Linux and 'enable' on Cisco are to be identified
- Among such accounts, only those that are owned by john are to be identified
So, the criteria will be as follows:
To identify the 'administrator' accounts on Windows/Windows Domain, the criteria is
- Resource Type starts with Windows (take this as column C1)
- Account Name is administrator (take this as column C2)
To identify the 'root' accounts on Linux, the criteria is
- Resource Type is Linux (take this as column C3)
- Account Name is root (take this as column C4)
To identify the 'enable' accounts on Cisco devices, the criteria is
- Resource Type contains Cisco (take this as column C5)
- Account Name is root (take this as column C6)
To identify the resources owned by john
- Owner is John (take this as column C7)
Now, you need to specify the criteria expression to combine the above factors:
((C1 and C2) or (C3 and C4) or (C5 and C6)) and C7
That means, you want to identify the resources/accounts complying to any and all the criteria listed above and finally match the ownership.
2.1 Steps to Create Custom Reports
- Navigate to Reports >> Custom Reports.
- Click the link Create Custom Reports available on top left hand corner.
- In the pop-up form that opens, provide a name for the custom report being created; enter description for easy identification of the report.
- Select the type of report out of which you wish to create the custom report.
- Specify the criteria based on which the custom report has to be created. Refer to the example above on specifying the criteria. In case, you want to specify multiple values for the same column name, enter the entries in comma separated form. In the example above, in case, you want to generate the report pertaining to two departments - Network Administration and Finance departments, enter the values for the column 'Department' as Network Administration,Finance.
- To specify advanced criteria, edit the control expressions field; you can specify advanced conditions using expressions. Refer to the example above for details.
- To control the number and order of columns to be displayed in the custom report. From Select Columns on LHS, choose the required columns. Use the up, down arrows on the RHS to control the arrangement of the columns in the report
- Click Save to save the entries.
- Click Generate Report to generate the customized report.
2.2 Custom Reports - Use Case
By leveraging the power of the custom reports, you can meet many of your auditing requirements with ease. Following is just one use case:
Exit Audit Report
Continuously assessing the vulnerability with respect to password access is one of the important auditing requirements. When an administrator, who had active access to the privileged passwords leaves the organization, it is imperative to assess the vulnerability. This requires taking a list of all the passwords that were accessed by the particular user during a specified time period and then initiate steps to change the passwords.
Taking a report on all the password management operations performed by the particular administrator during a specified time period, could serve as 'Exit Audit Report'. Custom reports help you generate a report to achieve this precisely. All that you need to do is to get the report out of the 'Resource Audit'.
- Specify the time period for the custom report.
- Select the criteria as Operation Type contains (C1) (just leave the criteria field blank to represent that you want to take a report on all operations).
- 'Operated by' 'User A' (C2) who is leaving the organization.
The resultant report will provide you list of password management operations performed by the particular administrator during the time range specified.
Custom Reports out of 'Resource Audit' and 'User Audit' would prove highly useful as you would be able to meet most of your auditing requirements by properly leveraging them.
The resultant report will provide you list of password management operations performed by the particular administrator during the time range specified.