User activity attribution even after they "sudo to root"

By Centrify Contributor II a month ago - last edited 2 weeks ago

Centrify Server Suite 2017's new Advanced Monitoring functionality preserves "identity context" even after the user "sudo's to root".


The new “advanced monitoring” feature adds three new functionalities:

  • Generate audit trail events when specific programs are executed by any user.
  • Generate audit trail events when any file in the directories /etc, /var/centrifyda and /var/centrifydc is modified by a non-root user.
  • Get history of programs executed in an audited session, including programs that are executed by scripts.

Do you have IBM QRadar? Are you a Centrify Server Suite Customer looking to easily ingest Centrify Data into QRadar?



Showing results for 
Search instead for 
Do you mean 

Community Control Panel