Auditing and Graphs

Passwordstate provides comprehensive reporting to ensure you can meet the governance requirements within your organization.  All reporting makes use of the built-in audit events.  There are more than 110 audit events in Passwordstate, providing a rich source of information that spans multiple categories, including,

  • Access to Passwordstate
  • Access to Passwords
  • All Passwords Exported
  • Auditing Data Archived
  • Discovery Jobs
  • Documents
  • Emails
  • Email Templates
  • Emergency Access
  • Encryption Keys
  • Failed API
  • Hosts
  • Logins
  • Passwords
  • Password Lists
  • Password Resets
  • Password Validation
  • Privileged Accounts
  • Remote Sessions
  • Reporting
  • Restricted Features
  • Security Administrators
  • Security Groups
  • Self Destruct
  • Templates
  • User Accounts
  • User Identity

When reporting on audit events, you can specify all sources or be selective.  For example, you could report on only audit events relating to your Windows Service or your High Availability node.  These events can then be exported to Microsoft Excel for further analysis, or summarized using the built-in Auditing Graphs.

…But before we get into the details for Auditing and Graphs

If you are trying to diagnose issues around a specific Password or Account, you can quickly check the Recent Activity grid for the Password List that contains that account.  This will provide useful information relating to the account and why activities such as Password Resets may not have occurred.  The example below is for the helpdesk account, which has been temporarily locked out;

Selecting Data using Auditing Filters

To begin, navigate to Administration->Auditing and decide on the events you want to review.  By default, the display grid will show all audit events that have occurred.  The Auditing Filters, shown in the image below, help you to selectively focus on the specific types of events you are interested in reviewing;

The Platform options shown in the green rectangle are;

  • All, as the name implies this includes audit events for all the platform categories
  • Web, this platform category includes all audit events related to your Passwordstate Website
  • Mobile, this category includes all audit events related to either your Mobile Client installation in Passwordstate up to and including Version 8, or related to the new native Mobile Apps included in Passwordstate V9.  Please note that as of the release of Passwordstate V9 the original Mobile Client is deprecated and no longer included with the Installer Files.
  • API, the API category includes those audit events associated with API Calls
  • Windows Service, includes all audit events associated with AD synchronization, Password Resets, Host and Account Discovery jobs, sending emails and querying event logs
  • Browser Extension, covers Browser Extension authentication with Passwordstate, saving, retrieving and updating of passwords and the use of the password generator
  • Instance, you can also select your Instance to focus on, either your Primary or HA instance or Both

Lastly, you can elect to include Archived Data by selecting either the No or Yes radio buttons.  By selecting No you will be querying the live audit events, if you select Yes it will query the Archived Data.  Now you can filter down on a number of items as per the image below;

The fields in the Green rectangle above cover;

  • Max Records, allows you to specify the maximum number of records you wish to return as part of the search.  If you wish to return all records you can enter 0 in this field
  • Password List, allows you to focus on a specific Password List in the drop down list, or search for events across all Password Lists
  • Activity Type, allows you to focus on specific audit events, or report against All Activities
  • Site Location Activity, allows you to focus on events for a specific Remote Site Location.  This only applies if you have deployed and have an active subscription for Remote Site Locations.  The default for all installations is internal.  For Remote Site Locations enter the number that corresponds with the Remote Site Location you wish to report against.
  • Begin and End Date, narrows the focus to the selected date range.  Simply use the calendar date pickers for the start and end dates you wish to focus on.  A blank begin date will report all events that match the selected criteria up until the specified end date.  By default, the End Date is always the current day's date.

Then simply click on Search to narrow the focus down to those specific events.  Don’t forget that you can also filter down using the standard filter boxes under the column headings in the display grid (shown in the gold rectangle).

Export and Purging Audit Records

You may want to take a copy of the selected records, so that they can be included in a report or you may want to periodically Purge specific Audit Records.  The options for these are situated at the bottom of the display grid as per the image below,

The Export to Excel will produce an Excel file called AuditingReport.xls containing the contents as per the executed filter. 

If you select Purge Audit Records you will be taken to the Purge Auditing Data screen which explains the process necessary to perform the purge.  Please note there is no automated purge within Passwordstate.  You will need a Database Administrator, or someone responsible for support and maintenance on your SQL database, to perform the activities required.  The Purge Auditing Data screen is shown below,

Graphs based on Auditing Data

Auditing Graphs provide a great summary view of your audited events.  Like with the Auditing section, you can define filters for the Graphs that are very similar to those on the Auditing screen. 

In the example below I’ve run a simple view based on Audit Activity of Login Attempt Failed for 1 year.

The key difference to note is that the duration is retrospective: it is counted back from the day the graph is run.  In the example above it looks back 1 year from the current date.
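The filter rules and the retrospective graph window described above can be replayed offline over exported audit records for further analysis. The following is an added example, not Click Studios' code: the column names (AuditDate, Platform, Activity, UserID), the sample rows and the function names are assumptions constructed for illustration, since the page does not document the export layout.

```python
import csv
import io
from collections import Counter
from datetime import date, datetime, timedelta

# Constructed sample export. The column names and the "Other Activity" value are
# assumptions for this example; the page does not document the export layout.
SAMPLE_CSV = """AuditDate,Platform,Activity,UserID
2023-01-10 08:15:00,Web,Login Attempt Failed,helpdesk
2023-06-02 09:00:00,Web,Login Attempt Failed,helpdesk
2023-06-02 09:00:40,Web,Login Attempt Failed,helpdesk
2023-06-02 09:01:10,API,Login Attempt Failed,svc_backup
2023-06-15 14:30:00,Web,Other Activity,jsmith
2023-11-20 22:45:00,Mobile,Login Attempt Failed,jsmith
2024-02-01 07:05:00,Web,Login Attempt Failed,helpdesk
"""

def load_events(text):
    """Parse exported rows and convert AuditDate to a datetime."""
    events = list(csv.DictReader(io.StringIO(text)))
    for event in events:
        event["AuditDate"] = datetime.strptime(event["AuditDate"], "%Y-%m-%d %H:%M:%S")
    return events

def filter_events(events, activity=None, platform="All", begin=None, end=None, max_records=0):
    """Apply the Auditing Filters semantics described on the page."""
    end = end or date.today()  # End Date defaults to the current day
    hits = [
        e for e in events
        if (activity is None or e["Activity"] == activity)
        and (platform == "All" or e["Platform"] == platform)
        and (begin is None or e["AuditDate"].date() >= begin)  # blank Begin Date: no lower bound
        and e["AuditDate"].date() <= end
    ]
    # Max Records of 0 returns everything; truncating in file order is an assumption.
    return hits[:max_records] if max_records else hits

def failed_login_summary(events, as_of, days=365):
    """Graph-style view: look back `days` from `as_of`, then count per month and per user."""
    window = filter_events(events, "Login Attempt Failed",
                           begin=as_of - timedelta(days=days), end=as_of)
    per_month = Counter(e["AuditDate"].strftime("%Y-%m") for e in window)
    per_user = Counter(e["UserID"] for e in window)
    return dict(sorted(per_month.items())), per_user.most_common()

if __name__ == "__main__":
    months, users = failed_login_summary(load_events(SAMPLE_CSV), as_of=date(2024, 2, 15))
    print(months)
    print(users)
```

To run it on real data, save the exported rows as CSV and change the column names to match those in your export.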

The Auditing and Graphing capabilities are extremely useful and enable comprehensive reporting against your governance requirements.  If you have any comments or feedback we’d love to hear it via