Symantec Privileged Access Management

 View Only
  • 1.  Password view

    Posted Mar 19, 2020 08:21 AM
    Hi Community,

    We have a requirement to monitor the password view activity,  in case anyone views the passord of any user in PAM.

    Can you please help us to know that what type of logs are created by default is any admin/normal user tries to view the password of any user.

    Lets say if a admin try to view password of root ids and AD ids stored in PAM, what logs are genrated and Can we send those logs with SIEM?

    Regards,

    Ashish Khar



  • 2.  RE: Password view
    Best Answer

    Posted Mar 19, 2020 10:26 AM
    Hi Ashish

    I think pam doesn't currently have this report exactly, you can run the View Password Request report to see all password requests but this includes login events. This functionality is really missing in PAM.

    I have proposed in the ideas section that a dual authorization can be parameterized only for password display events


  • 3.  RE: Password view

    Broadcom Employee
    Posted Mar 20, 2020 10:31 AM
    Ashish,

    If you need to monitor in real time then you will want to use a SIEM such as splunk. Or of that is not an option, you could just have it send you an email via the password view policy:  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3-2/implementing/protect-privileged-account-credentials/set-up-password-composition-and-view-policies/establish-password-view-policies/enable-email-notifications-for-viewed-passwords.html