About Audit

senhasegura enables automated control of privileged credentials access monitoring that results in reports that can be evidenced for an audit process.

The Reports can be found in a central repository on the menu, granting an easy source of evidence for periodic audits. The reports give complete information about "who, when, where, why, ..." executed the actions through the senhasegura.

The logs of senhasegura are unalterable, meaning they cannot be modified, deleted or injected, ensuring all records are traceble and confidential. Reports provide a high level of security governance, including the ability to achieve better control over access to sensitive information and: 

• Privileged activity logging of all actions performed by administrators and regular users with a complete audit trail of who performed each action;
• Centralized privileged activity auditing and reporting with reports and dashboards;
• Privileged session reports with search across all text typed and displayed during a session and a video;
• A forensic search of actions and events identified during a session;

Definitions

senhasegura uses a specific terminology for its functions and functionalities. Thus, some terms must be understood before starting to use the solution:

• Access groups: used to grant and manage viewing and access to vault credentials;
• Auditor: User with a profile for the issuance of specific reports in the senhasegura solution;
• Equipment parameters: behavior settings that can be adjusted in the solution for each type of equipment;
• Global parameters: behavior settings that can be adjusted globally in senhasegura ;
• Governance ID: it is used to associate an activity performed in senhasegura to a Changes Management item, such as a Help Desk ticket, for instance;
• Password custody: possession and use of credentials stored in the senhasegura solution by the user;
• Protected information: any type of privileged information, such as hashes, RSA keys, or digital certificates;
• Password parameters: Behavior settings that can be adjusted in the solution for each credential;
• Password policy: a set of rules determined to improve the security of a company's users and devices;
• Password strength: a measure that assesses a password's effectiveness against attacks, and it is based on estimating the number of attempts to guess it;
  PCI: PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection;
• User: In-house employees, interns, or third parties who use or may require access to the company's systems;

Reports

This section aims to present the reports that senhasegura provides and how to use them.

This category is divided into the following parts:

• PCI Reports: information required by PCI standards to identify possible areas of non-compliance;
• Traceability: information on all changes made to data registered;
• Accesses to the system: information on user accesses;
• Events: information on various events related to credentials;
• Credentials: information on the use of the credentials stored in the vault;
• Access Control: information on actions performed by the users and access groups;
• Permissions: information on the permissions related to the screens, roles, profiles, and permissions;