How to log administrator activities in Centrify Access Manager to your SIEM

How to log administrator activities in Centrify Access Manager to your SIEM

By Centrify Advisor IV on ‎09-01-2017 02:56 PM

To capture configuration changes in Centrify Access Manager to your SIEM, you will need two things on the operating system running Access Manager 

1. Your SIEM reflector to read and send the Application event viewer to your SIEM.

2. Configure the following registry setting:

CSSaudittrail.png

- HKLM\Software\Centrify\AuditTrail\Centrify Suite.Centrify Configuration\AuditTrailTargets (Set the value to 3.)

- OR HKLM\Software\Centrify\AuditTrail\AuditTrailTargets  (Set the value to 3.) Then delete the three child keys for HKLM\Software\Centrify\AuditTrail.

 

This value will write events both to the local Application event log and Direct Audit database. Events such as assigning a user to a role, creating a child zone or modifying a user's POSIX information will be logged to your SIEM.

 

For reference, here is the guide for all events written to the Application event log as well the syslog on Linux by the DirectAudit Agent. https://docs.centrify.com/en/css/suite2017.1/centrify-audit-events-guide.pdf

Showing results for 
Search instead for 
Do you mean 
Labels

Community Control Panel