VaultOne is a great tool to assist in your company's audit processes!
This article is a compilation of actions, along with instructions, for you to audit using VaultOne!
We believe that three types of checks are the cornerstone of a good audit. Are they:
1. Check session recordings;
2. Check user activities;
3. Analyze the vault logs;
1. Check session recordings:
VaultOne provides screen recording functionality for computers that are accessed remotely.
It is important to point out that the platform does not record the user's computer, only the remote accesses that the user makes through the platform. That is, in the computers menu, users can access servers or computers remotely and these remote accesses will be recorded.
Already as admin, or as a user who has this permission, you will be able to check all the activities carried out through this remote access. Go to the computers menu:
And in that menu, look for the computer you want to check the screen recording. Click Actions and then View:
A new window will open. Click on the connections tab and then see more as shown by the highlighted parts in the images:
On this new screen, you will see all the connections made remotely to that computer or server:
Click on view files on the connection you want to view
Now, just click on one of the videos you'd like to see. The video will appear on your screen. You can watch it on this screen or download it to your computer.
2. Check user activities:
Keeping track of the activities that take place in the vault, as well as the users who use the platform, is of enormous importance for the company's security.
However, keeping an eye on credentials and capabilities alone may not be enough. Whenever an employee is terminated, for example, it is necessary to exclude all access he may have to important company resources.
In addition, if VaultOne is mandatory for all users, it is important to know if they are actually using the platform to access resources and privileged information.
In the Panel, there are two dashboards, one for the common user and another for the administrator users, you can access this administrator dashboard by clicking on the name of your vault as shown in the example below:
Look for "last logins" and click on Load data:
ATTENTION: According to analyzes made with user login data on VaultOne, not all users use the platform with the same frequency. Usage is usually daily, however, there are users who access the platform once a week or even fortnightly.
Before deactivating an account or deleting a user from the vault, contact them and ensure how often they are used.
3. Analyze Logs
Click on the administration menu and then on Audit:
On this screen, you will see the last actions of vault users. Click show advanced filters to check more specific actions:
Below, see the list of actions for each menu you use:
View Credential - GetCredentialSecret
Edited a credential - EditCredential
Deleted a credential - DeleteCredential
Cloud Services Menu
Viewed the details of a service - GetCloudServiceDetail
Made a connection to a service - ConfirmConnection
Viewed the details of a computer - GetServerDetail
Viewed the credential linked to that computer - GetCredentialSecret
Made the connection on a computer - ConfirmConnection
Viewed the details of a website - GetWebsiteDetail
Viewed the credential linked to that website - GetCredentialSecret
Connected to a website - ConfirmConnection
If you need any help, just contact us at email@example.com :)