Audit

  • 2 minute(s) read
Prev Next

The MySafe Audit feature enables control and monitoring of activities related to stored items.It allows administrative users to access a comprehensive report of all events related to the items, ensuring the security and traceability of information.

Features

  • Ensure traceability of all actions performed: records who did what, when, and from which location, providing a complete history of activities.
  • Filter events by various criteria: allows quick and easy retrieval of specific information in the report using filters such as item name, event type, user, period, among others.
  • View detailed information for each event: provides detailed information about each recorded action, including date and time, user, IP address, and event type.
  • Export the report in .csv format: allows downloading the report in a format compatible with various data analysis tools, facilitating the creation of customized reports and integration with other systems.
  • Schedule periodic report delivery: administrative users can set up automatic email delivery of the audit report at a defined frequency for ongoing activity monitoring.
  • Access historical records: access older event history, ensuring complete tracking of activities performed in MySafe.

Applicability

  • Security audit: monitor access and activities related to stored items, ensuring information security.
  • Compliance management: meet audit requirements and information security standards by documenting performed activities.
  • Incident investigation: investigate suspicious activities and identify potential security breaches.
  • Behavior analysis: analyze MySafe usage patterns and identify optimization opportunities.

Use case

Investigation of unauthorized access to critical password
Primary actor: Mark (MySafe user administrator).
Summary: this use case demonstrates how Mark uses the MySafe Audit feature to investigate possible unauthorized access to a critical company password stored in MySafe.

Basic flow:

  1. Noticing a possible security breach
    1. As part of his daily routine, Mark access the Audit screen to keep track of users' activities on MySafe.
    2. Mark notices multiple views to the database server password from an unknown IP address.
  2. Filtering events
    1. Mark uses the filters to refine the search:
    • Name: "Database Server" (name of the password stored in MySafe)
    • Event: "View" (to identify accesses to the password)
  3. Analyzing the records
    1. The filtered report displays all View events for the database server password.
    2. Mark reviews the records, checking:
    • Users: verifies if any of the listed users shouldn’t have viewed the password at that time.
    • IP addresses: checks if the IP addresses correspond to authorized locations and devices.
    • Date and time: confirms if the days and times of view align with the working hours of authorized users.
  4. Identifying suspicious activity
    1. Mark identifies access outside working hours from an unrecognized IP in the report.
  5. Corrective actions
    1. Based on the evidence found, Mark takes the following actions:
    • Password reset: immediately resets the database server password.
    • Access blocking: blocks the suspicious IP on the company firewall.
    • Communication and investigation: informs the security team about the incident for further investigation and additional security measures.

Conclusion

The MySafe Audit screen allowed the administrator to investigate the incident, identify unauthorized access, and take measures to protect the company's critical information. The filtering feature, detailed records, and the ability to export the report were essential for the rapid resolution of the incident.