New York Security User Group

  • 1.  Get the detailed action taken by SEP administrator on SEPM

    Posted Aug 02, 2018 04:22 PM

    I have a request coming from our risk auditor asking if SEPM has detailed logging on administrator changes. For example, someone schedules a change for the coming weekend, and the change will update policy X with ABC modification; how will we know that is what he has changed?

    It seemed to me that the native SEPM system auditing logs only have minimal information, such as who logged on and when the person touched a policy. Other than the minimal information, I do not find any detailed logs of what change he made. My auditor wants to know what people planned to change and what he indeed changed.

    Does anyone know if those detailed actions were recorded somewhere in SEPM or the database but not directly in the SEPM logging query? Or any idea if I can retrieve the information from other places such as the SQL database, and how? I was thinking of using some video capturing program; however, if the change lasts a few hours, then video capture might not be realistic.



  • 2.  RE: Get the detailed action taken by SEP administrator on SEPM

    Posted Aug 02, 2018 04:28 PM

    Correct. The only place it resides is in the System >> Administrative log. It has some decent info such as access, policy edits, group add/deletes but not very detailed.