Syslog messages are sent over UDP on port 514 and have a maximum size of 1024 bytes.
Notification Format
All Syslog messages follow a specific format. An example of a message in Syslog format may be:
2018-06-18T17:49:41-03:00 vm-machine senhasegura 1426 - Successfully authenticated.
This message can be divided into two parts: Header and Values.
The header is made up of date, time, hostname, and senhasegura ID information, indicating that the message is solution specific.
The values present additional event information in the format key = value.
<13>1 : PRI
2018-06-18T17:49:41-03:00 : TIMESTAMP
vm-machine : HOSTNAME
senhasegura : APP-NAME
1426 : PROCID
Successfully authenticated. : MSGID
Priorities
Priority types (PRI) are categorized according to their priority in the Syslog pattern:
Priority | Criticality | Keyword | Description | Examples |
---|---|---|---|---|
0 | Emergency | emerg | The system is unusable | This level should not be used by applications. |
1 | Alert | alert | Some action should be taken immediately. | Loss of the primary ISP connection. |
2 | Critical | crit | Critical Conditions | A failure in the system’s primary application. |
3 | Error | err | Error Conditions | An application has exceeded its file storage limit, and attempts to write are failing. |
4 | Warning | warning | May indicate that an error will occur if action is not taken | A non-root file system has only 2GB remaining. |
5 | Notice | notice | Abnormal events, but not in an error condition | |
6 | Informational | info | Normal operation messages, which do not require action | An application has started, paused, or ended successfully. |
7 | Debug | debug | Debug Messages. | |
The events configured in SYSLOG are:
ID | Origin | Priority | Name | Description |
---|---|---|---|---|
1 | COSE | notice(5) | Password Viewed | A password has been viewed by a user. |
2 | COSE | notice(5) | Password changed | A password has been manually changed by a user. |
3 | COSE | notice(5) | Password Expired | A password has expired and cannot be automatically changed. |
4 | COSE | notice(5) | Password daily summary | Status concerning credentials daily usage |
5 | COSG | notice(5) | Information viewed | Protected information is viewed by a user. |
6 | COSG | notice(5) | Information changed | Protected information has been changed by a user. |
7 | COSG | notice(5) | Information expired | Protected information has expired. |
8 | COEQ | warning(4) | Lost of connectivity | The application has lost connectivity with a device. |
9 | COEQ | notice(5) | Reestablished Connectivity | The application was able to connect to a device that was without connectivity. |
10 | COAU | warning(4) | Command detected - Low Urgency | An audited low criticality command was detected. |
11 | COAU | error(3) | Command detected - Medium Urgency | An audited command of medium criticality was detected. |
12 | COAU | critical(2) | Command detected - High Urgency | A highly critical audited command has been detected. |
13 | COAC | notice(5) | New request | A user has requested access to a password. |
14 | COAC | notice(5) | Request approved | A password access request has been approved. |
15 | COAC | notice(5) | Request Disapproved | A password access request has been disapproved. |
16 | COSS | notice(5) | Session started | A user has logged in. |
17 | COSS | notice(5) | Session finished | A user has ended a session. |
18 | COBA | notice(5) | Backup performed | The backup was performed correctly. |
19 | COBA | error(3) | Error on backup | An error occurred while backing up. |
20 | COTR | error(3) | Error on change | An error occurred while changing a password. |
21 | COTR | notice(5) | Change Executed | The password was successfully changed. |
22 | CORE | info(6) | Password confirmed | Reconciliation validated the password. |
23 | CORE | error(3) | Invalid password | The password stored in the vault is not valid. |
24 | COTR | info(6) | Activation executed | User is active successfully. |
25 | COTR | error(3) | Error on activation | An error occurred while activating the user. |
26 | CONO | info(6) | Change password daily report | Validation of password changes. |
27 | CONO | warning(4) | Low disk space - Low Urgency | Reaching 70 % of total disk space. |
28 | CONO | error(3) | Low disk space - Medium Urgency | When you reach 80 % of the total disk space. |
29 | CONO | alert(1) | Low disk space - High Urgency | Reaching 90 % of total disk space. |
30 | CONO | info(6) | Space disk - Daily notification | Daily Disk Space Status. |
31 | COSS | warning(4) | Command detected - Block and interrupt session | An audited command, configured as prohibited and subject to session interruption, was executed. |
32 | COSS | notice(5) | Command detected - Block | An audited command, set to prohibited, has been executed. |
33 | COSS | info(6) | Command detected - Allow | An audited command has been executed. |
34 | COSS | notice(5) | Session file modified | A session file has been modified. |
35 | COSE | notice(5) | Credential Owner configuration | Credential owner set. |
36 | COAT | notice(5) | Audit trail | Audit trail. |
37 | AUTH | notice(5) | Authentication messages | senhasegura.go Authentication Messages. |
38 | CONO | warning(4) | CPU Usage - High | CPU utilization by application is high. |
39 | CONO | critical(2) | CPU Usage - Critical | CPU utilization by application is at a critical level. |
40 | CONO | warning(4) | Memory Usage - High | Memory consumption by application is high. |
41 | CONO | critical(2) | Memory Usage - Critical | Memory consumption by application is at a critical level. |
42 | COOF | info(6) | Application started | The application senhasegura.go started. |
43 | COOF | info(6) | Application completed | The application senhasegura.go terminated. |
44 | COOF | info(6) | Credential use for network access | A credential was used for network access. |
45 | COOF | info(6) | New senhasegura.go version | There is a new version of senhasegura.go available. |
46 | COOF | notice(5) | senhasegura.go version approved | There is a version of senhasegura.go approved. |
47 | COOF | warning(4) | senhasegura.go version disabled | There is an inactive version of senhasegura.go. |
48 | COOF | notice(5) | Download of senhasegura.go version performed | A version of senhasegura.go has been downloaded. |
49 | COOF | notice(5) | senhasegura.go version installed | A version of senhasegura.go has been installed. |
50 | CRTC | notice(5) | Certificate expiration alert: 30 days | Some certificates will expire within 30 days. |
51 | CRTC | warning(4) | Certificate expiration alert: 7 days | Some certificates will expire in seven days. |
52 | CRTC | error(3) | Certificate expiration alert: 1 day | Some certificates will expire in one day. |
53 | CRTC | notice(5) | Certificate creation | A certificate has been created. |
54 | CRTC | notice(5) | Certificate renewal | A certificate has been renewed. |
55 | CRTC | notice(5) | Certificate revocation | A certificate has been revoked. |
56 | COSS | info(6) | Session indexed text | A text has been indexed. |
57 | COSS | info(6) | Generate video for download | A video has been generated for download. |
58 | CRTC | notice(5) | Request password view | A request’s password has been seen. |
59 | CRTC | notice(5) | Certificate password view | A certificate’s password has been seen. |
60 | COOF | notice(5) | Workstation approved | A workstation has been approved to use senhasegura.go. |
61 | COOF | notice(5) | Workstation registration | A workstation has requested senhasegura.go usage. |
62 | COOF | notice(5) | User created | A new workstation user has been approved to use senhasegura.go. |
63 | COOF | notice(5) | Using AUC | A program has requested elevation using Microsoft UAC using senhasegura.go. |
65 | COOF | notice(5) | View password | A credential has been requested and seen using senhasegura.go. |
66 | COOF | notice(5) | Copy password | A credential has been requested and copied using senhasegura.go. |
67 | COOF | notice(5) | Runas executed | A program has been executed using senhasegura.go. |
68 | COOF | notice(5) | Macro executed | A user automation has been executed using senhasegura.go. |
69 | COOF | notice(5) | Control panel executed | A control panel applet has been executed using senhasegura.go. |
70 | COOF | notice(5) | Network adapter executed | A network adapter has been requested using senhasegura.go. |
71 | COOF | notice(5) | Network share | A network folder has been accessed using senhasegura.go. |
72 | COOF | notice(5) | senhasegura.go uninstalled | senhasegura.go has been uninstalled by user decision. |
73 | COOF | notice(5) | senhasegura.go goes online | senhasegura.go has turned online by user decision. |
74 | COOF | notice(5) | senhasegura.go goes offline | senhasegura.go has turned offline by user decision. |
75 | COOF | notice(5) | senhasegura.go alert | senhasegura.go has sent an alert. A situation in a workstation needs attention and can affect senhasegura.go usage. |
76 | CRTC | notice(5) | Certificate expiration warning: 90 days | Some certificates will expire within 90 days. |
77 | CRTC | notice(5) | Certificate expiration warning: 60 days | Some certificates will expire within 60 days. |
78 | CRTC | notice(5) | Certificate expiration warning: 15 days | Some certificates will expire within 15 days. |
79 | CRTC | notice(5) | Certificate expiration alert: Today | Some certificates will expire today. |
80 | CRTC | notice(5) | Certificate link with device | A certificate was linked to a device. |
81 | CRTC | notice(5) | Download | A user has downloaded a certificate. |
82 | CRTC | notice(5) | Request Management | A request was approved or denied. |
83 | CRTC | notice(5) | Publication Profile Management | A publication profile was created or changed. |
84 | CRTC | notice(5) | Certificate Management | An action was performed in a certificate. |
85 | COOF | notice(5) | Error retrieving credentials | An error occurred when retrieving credentials. |
86 | USBH | notice(5) | Accesses at unusual time | Some accesses occurred at an unusual time. |
87 | USBH | notice(5) | Access with unusual average length | Access occurred with unusual average length. |
88 | USBH | notice(5) | Unusual accesses | A user has accessed an unusual target. |
89 | COOF | notice(5) | Directory and file scan - Inclusion | A file has been found in the directory scan. |
90 | COOF | notice(5) | Directory and file scan - Exclusion | A file has been removed from the directory scan. |
91 | COOF | notice(5) | Directory and file scan - Change | A file has been changed in the directory scan. |
92 | COBA | alert(1) | Ceremony process started | The master key ceremony has started. |
93 | COBA | alert(1) | User has seen his part of the key | A user saw his part of the master key. |
94 | COBA | alert(1) | User downloaded the PDF with his part of the key | A user downloaded the PDF with his part of the master key. |
95 | COBA | alert(1) | Ceremony process completed | The master key ceremony was completed. |
96 | COSS | notice(5) | Video scheduled for download | Video scheduled for download. |
97 | CODS | alert(1) | User downloaded the PDF with system dashboard. | A user downloaded the PDF with the system dashboard. |
98 | DOMU | notice(5) | New location | A user logged in from a new location. |
99 | DOMU | notice(5) | Unexpected location | A user logged in from an unexpected location. |
100 | CLOD | notice(5) | IAM session without owner | A credential was used for a session by a user that is not the owner of the credential. |
101 | CLOD | notice(5) | IAM key view without owner | A credential was viewed by a user that is not the owner of the credential. |
102 | COBA | error(3) | Failed recovery attempt | The recovery attempt failed. |
103 | COBA | error(3) | Successful recovery attempt | The recovery attempt was successful. |
112 | DOMU | error(3) | Domum health check | The communication between the Safe and Domum cloud services was verified. |
118 | USBH | notice(5) | Access unusual target | A user accessed an unusual target. |
119 | USBH | notice(5) | Access unusual credential | A user accessed an unusual credential. |
120 | USBH | notice(5) | View unusual origin | A user accessed a credential from an unusual origin. |
121 | USBH | notice(5) | View unusual credential | A user viewed an unusual credential. |
Orbit Alerts
ID | Origin | Priority | Name | Description |
---|---|---|---|---|
336.001 | Orbit | alert(1) | Orbit task create | Orbit task creation |
336.002 | Orbit | alert(1) | Orbit task execution success | Orbit task successfully executed |
336.003 | Orbit | alert(1) | Orbit task execution error | Orbit task executed with error |
336.004 | Orbit | alert(1) | Orbit log operation | Log operation |
336.500 | Orbit | alert(1) | Orbit alert report | Orbit Alert Information |
336.501 | Orbit | alert(1) | Orbit incident report | Orbit Incident Information |
Other Alerts
ID | Priority | Name | Description |
---|---|---|---|
1695.001 | notice(5) | User login | User has logged in |
1695.002 | notice(5) | User logout | User has logged out |
1695.003 | notice(5) | Session expired | User session has expired |
1695.010 | notice(5) | I18N_REGISTER_TWOFACTOR_TOKEN | Two-factor authentication token has been registered |
1695.011 | notice(5) | I18N_VALIDATE_TWOFACTOR_TOKEN | Two-factor authentication token has been validated |
1695.012 | notice(5) | I18N_VALIDATE_TWOFACTOR_TOKEN | Two-factor authentication token has been validated |
1695.013 | notice(5) | I18N_DELETE_TWOFACTOR_TOKEN | Two-factor authentication token has been deleted |
1695.014 | notice(5) | I18N_DELETE_TWOFACTOR_TOKEN | Two-factor authentication token has been deleted |
Values
The message value is a set of key = value pairs, separated by spaces. The keys have the same names as in the Common Event Format (CEF). The ones used by senhasegura are:
Key | Description | Events |
---|---|---|
act | Method used to access | All |
dhost | Device hostname affected by event | , 2, 3, 8, 16, 17, 20, 21 |
dst | Event Destination Device IP | , 2, 3, 8, 16, 17, 20, 21 |
duid | Event related credential ID | , 2, 3, 13, 14, 15, 16, 17, 20,21 |
duser | Event related credential username | , 2, 3, 13, 14, 15, 16, 17, 20,21 |
msg | Additional Event Details | All |
requestMethod | The method used for access | All |
sname | Username in the senhasegura that generated the event | All |
spid | The ID of the process where the event was generated | All |
spriv | User type in senhasegura that generated the event | All |
suid | User ID in the senhasegura that generated the event | All |
suser | Username of the user who generated the event | All |