Toggle Sidebar
  • Recent updates
    • Post is under moderation
      Otger Cobben
      Otger Cobben unlocked the badge Points Achiever
      Points Achiever
      Earn points on the site.
      Stream item published successfully. Item will now be visible on your stream.
    • Post is under moderation
      See also https://www.serenacentral.com/community/ideas/sbm/audit-logging. Same topic with some extra requirements from a financial institution view point with very strict security requirements. Please... add your comments and vote to this idea! More
      Stream item published successfully. Item will now be visible on your stream.
    • Post is under moderation
      Otger Cobben
      SBM has the system report Users Change History. Create and delete are very usable but modify gives all modifications. Also modifications a user does on his/her own account. For example a change passwo...rd or change in permissions or membership is not visible. So this is not very useful for audit purpose. More
      Stream item published successfully. Item will now be visible on your stream.
    • Post is under moderation
      Otger Cobben
      Otger Cobben added Audit trail to favorites
      We use SBM 11.01. High confidential data is stored in it. Therefore there are some strong audit requirements: All use of privileged accounts shall be logged in audit trails We use SBM 11.01. High con...fidential data is stored in it. Therefore there are some strong audit requirements: All use of privileged accounts shall be logged in audit trails More
      Stream item published successfully. Item will now be visible on your stream.
    • Post is under moderation
      Otger Cobben
      see https://www.serenacentral.com/community/ideas/sbm/audit-logging for new topic about this. Audit trail is indeed on the records but not on administration activity like add/delete users/groups
      Stream item published successfully. Item will now be visible on your stream.
    • Post is under moderation
      Otger Cobben
      Otger Cobben added Audit logging to favorites
      In SBM we are missing audit trail for all user administration, like add, remove, modify users and groups and changing rights. This is needed for strict security requirements we have (we are a bank).  ...To give an idea, this type of events should be logged: Logon failed Activation of an account which was blocked or suspended or expired.A password reset for an account.A change in the securty profile settings of an account. These settings can be like increasing the logon attempts of a user, or changing the minimum password length for an account etc.User CreatedUser DeletedGroup CreatedGroup DeletedGroup Permissions Changed User Added to Group User Deleted from Group User LockoutAll unauthorized access attemptsUse of privileged accounts (admin): log on/log offUse of normal accounts: log on/log off   More
      Stream item published successfully. Item will now be visible on your stream.
    • Post is under moderation
      Otger Cobben
      Some extra information: We have security event monitoring in place which reads events from a logfile, sql table or windows event log. Several scenario's are configured based on these events which will... fire an incident. For example: Account created and deleted within 24h Account added and removed from group within 24h User created and logon within 5 minutes User created or activated and logged from same IP Activated user locked or disabled more than 30 days Multiple failed logon from the same user in 2 minutes Multiple failed logon from the same IP in 5 minutes Multiple failed logon from the same IP in 24 hours Multiple failed logon from many IP on the same account in 5 minutes Multiple failed logon from many IP on the same account in 24 hours User changed more than 2 times within 24h Manual user management action outside busines shours Some events we can take from the licenceserver log. But there is no way to get user administration events. A solution can be that SBM generates an audit log where all user/group/rights administration activity is logged. It can also be logged in the windows event log. More
      Stream item published successfully. Item will now be visible on your stream.
    • Post is under moderation
      Otger Cobben
      Otger Cobben added new listing Audit logging in SBM
      In SBM we are missing audit trail for all user administration, like add, remove, modify users and groups and changing rights. This is needed for strict security requirements we have (we are a bank).  ...To give an idea, this type of events should be logged: Logon failed Activation of an account which was blocked or suspended or expired.A password reset for an account.A change in the securty profile settings of an account. These settings can be like increasing the logon attempts of a user, or changing the minimum password length for an account etc.User CreatedUser DeletedGroup CreatedGroup DeletedGroup Permissions Changed User Added to Group User Deleted from Group User LockoutAll unauthorized access attemptsUse of privileged accounts (admin): log on/log offUse of normal accounts: log on/log off   More
      Stream item published successfully. Item will now be visible on your stream.
    • Post is under moderation
      Otger Cobben
      Provide a user friend interface for administrators to manage orchestrations. Enabling the administrator to kill individual orchestrations if stuck in a loop, or view their status. The lack of orchestr...ation management tools is extremely poor - there should be an orchestration management UI whereby an Administrator can stop a single orchestration, without having to go near the db tables or do what we had to do yesterday which was purge every orchestration. That is something we cannot do in a LIVE environment. I wasted a lot of time with the consultant yesterday trying to resolve this issue, and kill a single orchestration. Our solutions are jammed full of orchestrations and we (as indeed I am sure others) would benefit from a management tool. More
      Stream item published successfully. Item will now be visible on your stream.
    • Post is under moderation
      if there are multiple admins, it is difficult to determine who change permissions for a user or group.
      Stream item published successfully. Item will now be visible on your stream.
  • No blogs available.

  • DateTitle
    17/10/2018 Audit logging
    18/04/2018 Separate user and group administration role from system administration
    18/04/2018 Orchestration and appscript/modscript does not support field of type file
    17/03/2016 Audit trail

Recent Tweets