Adding provider name and domain information in Privileged Access logs

2 votes

Hi,

I'm posting this feature request on behalf of a user. I'd appreciate it if the user continued the discussion with the developers if they have questions.

They'd like the Privileged Access Logs in DVLS to contain the name of the provider and the domain associated with the provider (if using AD).

Currently, they use Kusto to analyze these logs through Azure Monitor with the objective of seeing which domains are managed by the PAM module, but it's not possible for them to find which domain these accounts are part of.

We've explored fetching the information from the database, but the providers are encrypted.
It's also not an option to use the PowerShell module since there are no cmdlets to obtain the logs. Due to the previously mentioned challenges, we can't use the existing logs in a CSV as a reference.

This is how we came to the conclusion that adding these fields to the report is the simplest approach.

Thank you.

Marc-Antoine Dubois

All Comments (1)

I'm the user, and I'd just like to make an addition to the previous post. The logs we believe would be suitable for determining if an environment is onboarded to PAM or not (or PAM utilization) would be to crunch either the PAM password reset logs or the Check synchronization logs with Power BI. However, it's not possible today to reference these logs to the provider (or PAM vault) they belong to.

In version 2024.3.9, folder_name was included in the Check synchronization logs, but it looks like it's been removed since then. Folder_name is the name of the PAM vault, and could be handy in our use case.