VaultOne is a great tool to assist in your company's audit processes!
This article is a compilation of actions, along with instructions, for you to audit using VaultOne!
We believe that three types of checks are the cornerstone of a good audit. Are they:
1. Check session recordings
2. Check user activities
3. Analyze the vault logs
1. Check session recordings
VaultOne provides screen recording functionality for computers that are accessed remotely.
It is important to point out that the platform does not record the user's computer, only the remote accesses that the user makes through the platform. That is, in the computers menu, users can access servers or computers remotely and these remote accesses will be recorded.
As an administrator or user with the necessary permission, you will be able to check all activities carried out through remote access. To do this, access the Servers menu, locate the desired computer to check the screen recording, click on Actions and then select the View option:
A new window will open. Click on the Connections tab and then View more as shown by the highlighted parts in the images:
On this new screen, you will see all connections made remotely on this computer or server. Just click View Files on the connection you want to check:
Now, just click on the Video you would like to see. The video will appear on your screen. You can watch it directly there or download it to your computer.
2. Check user activities
Keeping track of the activities that take place in the vault, as well as the users who use the platform, is of enormous importance for the company's security.
However, keeping an eye on credentials and capabilities alone may not be enough. Whenever an employee is terminated, for example, it is necessary to exclude all access he may have to important company resources.
In addition, if VaultOne is mandatory for all users, it is important to know if they are actually using the platform to access resources and privileged information.
In the Dashboard, there are two dashboards, one for the common user and another for the administrator users, you can access this administrator dashboard by clicking on the name of your vault as shown in the example below:
Look for Last Logins and click on Load data:
NOTE: According to analyzes made with user login data on VaultOne, not all users use the platform with the same frequency. Usage is usually daily, however, there are users who access the platform once a week or even fortnightly. Before deactivating an account or deleting a user from the vault, contact them and ensure how often they are used.
3. Analyze Logs
Click on the administration menu and then on Audit:
On this screen, you will see the last actions of vault users. Click Show advanced filters to check more specific actions:
From this screen, you can search for more specific actions:
Below, see the list of actions for each menu you use:
Credentials Menu
View Credential - GetCredentialSecret
Edited a credential - EditCredential
Deleted a credential - DeleteCredential
Cloud Services Menu
Viewed the details of a service - GetCloudServiceDetail
Made a connection to a service - ConfirmConnection
Computers Menu
Viewed the details of a computer - GetServerDetail
Viewed the credential linked to that computer - GetCredentialSecret
Made the connection on a computer - ConfirmConnection
Website Menu
Viewed the details of a website - GetWebsiteDetail
Viewed the credential linked to that website - GetCredentialSecret
Connected to a website - ConfirmConnection
If you need any help, just contact us at [email protected] :)