Privileged access operations reports

Managed account check-outs / check-ins

Purpose: Information about current and historical access to managed accounts (check-outs).

Executable: passwordcico

Select the "Report type" first (bottom of the search criteria). The search criteria changes based on the "Report type" you select.

Table 1. Managed account check-outs / check-ins report search criteria

Criteria	Description
Report type	There are three types of reports to select from: Detailed : This mode displays the full details. Summary : In this mode the available search criteria are ’Managed system ID’, ’Managed account’, ’Search time by’, ’Request attribute to search’, ’Minimum number of check-outs’, ’Maximum number of rows to display’ and ’Operation to perform for check-out and check-in’. Accounts that have not been checked out : In this mode, only accounts that have not been checked out will be shown in the report. The available search criteria are ’Managed system ID’, ’Managed account’ and ’Specify time’.
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, search for one or more managed systems.
Managed account	Search for one or more managed accounts you want to report on. Alternatively, you can type a managed account ID or a pattern of managed account IDs using wildcard characters, ’*’ representing any string of characters and ’?’ representing any single character.
Requester ID	Type the profile ID of the requester for whom you want to run the report. Alternatively, search for one or more profile IDs.
Recipient ID	Type the profile ID of the recipient for whom you want to run the report. Alternatively, search for one or more profile IDs.
Search time by	Select whether to run the report based on the following: Do not search by time Check-out time Check-in time Expiration time
Specify time	This is only available when Search time by is set to "Expiration time","Check-in time" or "Check-out time". Specify a date range.
Time range	This is only available when Search time by is set to "Check-out time". Specify a time range: Time range not required : This is the default setting. Information is listed regardless of start time. Use time range : Information is only included in the report output if the start time falls within the start time range. Use the: Start time field to select the earliest time to include. End time field to select the latest time to include.
Check-out status	Select the check-out status to include in the report. By default, all are included. Checking out Checked out Checking in Checked in Pending Closed Being expired Expired Being checked in Checked in by another user Check-out failed and was rolled back Check-out failed and rollback failed Check-in failed and was rolled back Check-in failed and rollback failed This option is only available if Report type = Detailed .
Request attribute to search	The request attribute to search by. You can define up to 2 attributes. Choose one of the following options to define an attribute: Attribute not required : This is the default setting. Results are included regardless of their attribute value. <attribute> : Search for check-out/check-in with an attribute value that matches Attribute value to search .
Request attribute to display	Choose from the list of request attributes to be displayed in the report.
Operation to perform for check-out and check-in	Select one or more operations: Password SSH key

Click below to view a demonstration.

Users with many managed account check-outs

Purpose: Users who checked out access to more than a threshold number of accounts in the indicated time interval.

Executable: pwdcothreshold

Table 2. Users with many managed account check-outs report search criteria

Criteria	Description
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, you can search for one or more managed systems.
Managed account	Search for one or more managed accounts you want to report on. Alternatively, you can type a managed account ID or a pattern of managed account IDs using wildcard characters, ’*’ representing any string of characters and ’?’ representing any single character.
Requester ID	Type the profile ID of the requester for whom you want to run the report. Alternatively, you can search for one or more profile IDs.
Recipient ID	Type the profile ID of the recipient for whom you want to run the report. Alternatively, you can search for one or more profile IDs.
Check-out time	Specify a date range for user check-outs.
Time range	Specify a start time and an end time to check each day. User check-outs made outside of this time range will not be returned in the results, even if they fall in the specified check-out time.
Check-out status	Select the check-out status to include in the report. By default, all are included. Checking out Checked out Checking in Checked in Pending Closed Being expired Expired Being checked in Checked in by another user
Number of check-out threshold per user	Type the minimum amount of check-outs each user must have in the report. This number must be a positive integer.
Checkouts of unique managed accounts	Select this checkbox to report users that have a number of check-outs of unique accounts greater than or equal to the threshold.
Operation to perform for check-out and check-in	Select one or more operations: Password SSH key
Summarize report	Select this checkbox to display a summarized report.
Graph type	Select a type of graph to generate for the report. This option is only available if Summarize report is selected. None : no graph will be generated. Vertical bar chart : a vertical bar chart will be generated for the report.

Group sets check-outs / check-ins

Purpose: List group sets check-out / check-in status.

Executable: managedgroupsetcico

Table 3. Group sets check-outs / check-ins report search criteria

Criteria	Description
Group set ID	Type the ID of a group set ID to include in the report. Alternatively, search for one or more group sets.
Managed system policy ID	Type a comma-and-space-delimited list of managed system policy IDs to include in the report. Alternatively, search for one or more managed system policies.
Target system with group	Type a comma-and-space-delimited list of managed systems with groups managed and checked out to include in the report. Alternatively, search for one or more managed systems.
Group ID	Type the ID of a group you want to include in the report. Alternatively, search for one or more groups.
Requester ID	Type a comma-and-space-delimited list of Profile IDs of requesters to include in the report. Alternatively, search for one or more requesters.
Recipient ID	Type a comma-and-space-delimited list of recipient IDs to include in the report. Alternatively, search for one or more recipients.
Target system with account	Type a comma-and-space-delimited list of target systems with accounts that have been granted temporary group membership to include in the report. Alternatively, search for one or more target systems.
Account	Type an account in the field that has been temporarily added to the group set.
Search time by	Select whether to run the report based on the following: Do not search by time Check-out time Check-in time Expiration time
Specify time	If searching by time, specify a date range.
Time range	If Search time by is set to "Check-out time", specify a time range: Time range not required : This is the default setting. Information is listed regardless of start time. Use time range : Information is only included in the report output if the start time falls within the start time range. Use the: Start time field to select the earliest time to include. End time field to select the latest time to include.
Check-out status	Select the check-out status to include in the report. By default, all are included. Checking out Checked out Checking in Checked in Pending Closed Being expired Expired Being checked in Checked in by another user
Show only temporary group membership failures	Enable this option to list failures in accessing group sets.
Request attribute to search	The request attribute to search by. You can define up to 2 attributes. Choose one of the following options to define an attribute: Attribute not required : This is the default setting. Reports results regardless of their attribute value. <attribute> : Search for check-out/check-in with an attribute value that matches Attribute value to search.
Request attribute to display	Choose from the list of request attributes to be displayed in the report.

Users with many group set check-outs

Purpose: Users who checked out access to more than a threshold number of group sets in the indicated time interval

Executable: gsetcothreshold

Table 4. Users with many group set check-outs report search criteria

Criteria	Description
Group set ID	Type the ID of a group set ID to include in the report. Alternatively, search for one or more group sets.
Requester ID	Type a comma-and-space-delimited list of Profile IDs of requesters to include in the report. Alternatively, search for one or more requesters.
Recipient ID	Type a comma-and-space-delimited list of Profile IDs of recipients to include in the report. Alternatively, search for one or more recipients.
Check-out time	Specify a date range for user check-outs.
Time range	Specify a start time and an end time to check each day. User check-outs made outside of this time range will not be returned in the results, even if they fall in the specified check-out time.
Check-out status	Select the check-out status to include in the report. By default, all are included. Checking out Checked out Checking in Checked in Pending Closed Being expired Expired Being checked in Checked in by another user
Number of check-out threshold per user	Type the minimum amount of check-outs each user must have in the report. This number must be a positive integer.
Summarize report	Select this checkbox to display a summarized report.
Graph type	Select a type of graph to generate for the report. This option is only available if Summarize report is selected. None : no graph will be generated. Vertical bar chart : a vertical bar chart will be generated for the report.

Group set check-in failures

Purpose: Group set check-ins that could not be completed, for example because of unreachable managed systems or credential problems.

Executable: managedgroupsetcifailures

Table 5. Group set check-in failures report search criteria

Criteria	Description
Group set ID	Type the ID of a group set you want to include in the report. Alternatively, search for one or more group sets.
Managed system policy ID	Type a comma-and-space-delimited list of managed system policy IDs you want to include in the report. Alternatively, search for one or more policies.
Target system with group	Type a comma-and-space-delimited list of managed systems you want to include in the report. Alternatively, search for one or more managed systems.
Group ID	Type the ID of a group you want to include in the report. Alternatively, search for one or more groups.
Requester ID	Type the profile ID of the requester for whom you want to run the report. Alternatively, you can search for one or more profile IDs.
Recipient ID	Type the profile ID of the recipient for whom you want to run the report. Alternatively, you can search for one or more profile IDs.
Target system with account	Type a comma-and-space-delimited list of target systems you want to run the report. Alternatively, search for one or more target systems.
Account	Type an account in the field you want to include in the report.
Search time by	Select whether to run the report based on the following: Do not search by time Failure time Check-out time Expiration time
Specify time	If searching by failure time, check-out time, or expiration time, specify a date range.

Group set excess memberships

Purpose: List potential group set access that might not have been removed upon having access checked in.

Executable: managedgroupsetexcess

Table 6. Group set excess memberships report search criteria

Criteria	Description
Managed system ID	Type a comma-and-space-delimited list of IDs of managed systems to include in the report. Alternatively, search for one or more managed systems.
Group set ID	Search for and select the group set ID to include in the report.
Group ID	Search for and select the group ID to include in the report.
Target system ID	Type a comma-and-space-delimited list of IDs of target systems to include in the report. Alternatively, search for one or more target systems.
Integration direction	Select the target’s integration method: (All): This is the default setting. Reports results for all managed systems Push mode : Reports results for managed systems under a push mode policy Local service mode : Reports results for managed systems under a local service mode policy

Account set check-outs/check-ins

Purpose: This report allows you to query account set access check-outs and check-ins.

Executable: maqcheckout

Select the "Report type", at the bottom of the search criteria, first. The search criteria will change based on the "Report type" you select.

Table 7. Account set check-outs/check-ins report search critieria

Criteria	Description
Report type	There are three types of reports to select from: Detailed : This mode displays the full details for the account set access check-outs and check-ins. Summary : This mode displays counters for the account set access check-out requests (user manually requesting the check-out), and the total number of account set access check-outs (pre-approved and manually requested check-outs). Account sets that have not been checked out : In this mode, only account sets that have not been checked out, or those that have not been checked out since the date specified in "Specify time" filter, will be shown in the report.
Account set ID	Type a comma-and-space-delimited list of account set IDs to include in the report. Leave the field blank to return all of the account sets or alternatively, search for one or more account set IDs.
Managed system policy ID	Type a comma-and-space-delimited list of managed system policy IDs to include in the report. Leave the field blank to search on all managed system policies or alternatively, search for one or more managed system policy IDs.
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, search for one or more managed systems.
Managed account	Search for one or more managed accounts you want to report on. Alternatively, you can type a managed account ID or a pattern of managed account IDs using wildcard characters, ’*’ representing any string of characters and ’?’ representing any single character.
Requester ID	Type the profile ID of the requester for whom you want to run the report. Alternatively, search for one or more profile IDs.
Recipient ID	Type the profile ID of the recipient for whom you want to run the report. Alternatively, search for one or more profile IDs.
Search time by	Select whether to run the report based on the following: Do not search by time Request time Check-out time Check-in time Expiration time
Specify time	If searching by time, specify a date range.
Time range	If Search time by is set to "Check-out time", specify a time range: Time range not required : This is the default setting. Information is listed regardless of start time. Use time range: Information is only included in the report output if the start time falls within the start time range. Use the: Start time field to select the earliest time to include. End time field to select the latest time to include.
Check-out status	Select the check-out status to include in the report. By default, all are included. Checking out Checked out Checking in Checked in Pending Closed Being expired Expired Being checked in Checked in by another user This option is only available if Report type = Detailed .
Request attribute to search	The request attribute to search by. You can define up to 2 attributes. Choose one of the following options to define an attribute: Attribute not required : This is the default setting. Reports results regardless of their attribute value. <attribute> : Search for check-out/check-in with an attribute value that matches Attribute value to search .
Request attribute to display	Choose from the list of request attributes to be displayed in the report.

Users with many account set check-outs

Purpose: Reports on users who checked out access to more than a threshold number of account sets in an indicated time interval.

Executable: maqcothreshold

Table 8. Users with many account set check-outs report search criteria

Criteria	Description
Account set ID	Type a comma-and-space-delimited list of account set IDs to include in the report. Leave the field blank to return all of the account sets or alternatively, search for one or more account set IDs.
Requester ID	The requester is the person who requested the account set check-out. Type the profile ID of the requester for whom you want to run the report. Alternatively, search for one or more profile IDs.
Recipient ID	Type the profile ID of the recipient for whom you want to run the report. Alternatively, search for one or more profile IDs.
Check-out time	Specify a date range for user check-outs.
Time range	Specify a start time and an end time to check each day. User check-outs made outside of this time range will not be returned in the results, even if they fall in the specified check-out time.
Check-out status	Select the check-out status to include in the report. By default, all are included. Checking out Checked out Checking in Checked in Pending Closed Being expired Expired Being checked in Checked in by another user
Number of check-out threshold per user	Required. The minimum number of check-outs per user. The minimum value accepted is 1.
Summarize report	Select this checkbox to display a summarized report.
Graph type	Select a type of graph to generate for the report. This option is only available if Summarize report is selected. None : no graph will be generated. Vertical bar chart : a vertical bar chart will be generated for the report.

Account set access and commands usage

Purpose: This report allows you to query summary information on account sets check-outs and any commands executed with those account sets.

Executable: maqusage

Table 9. Account set access and commands usage report search criteria

Criteria	Description
Account set ID	Type a comma-and-space-delimited list of account set IDs to include in the report. Leave the field blank to return all of the account sets or alternatively, search for one or more account set IDs.
Managed system policy ID	Type a comma-and-space-delimited list of managed system policy IDs to include in the report. Leave the field blank to search on all managed system policies or alternatively, search for one or more managed system policy IDs.
Display users	If checked the report will display details of the account set users.
Recipient ID	Type a comma-and-space-delimited list of user IDs to include in the report. Leave the field blank to return all users or alternatively, search for one or more user IDs.
Shared	When account sets are created, they can be shared with other users, or kept personal. Choose one of the following options: (All): all account sets (default) Yes : shared account sets only No : personal account sets only
Search time by	Select whether to run the report based on the following: Do not search by time Request time Check-out time Command queue time
Specify time	If searching by time, specify a date range.
Time range	If Search time by is set to "Check-out time", specify a time range: Time range not required : This is the default setting. Information is listed regardless of start time. Use time range: Information is only included in the report output if the start time falls within the start time range. Use the: Start time field to select the earliest time to include. End time field to select the latest time to include.
Minimum number of check-outs	Enter the minimum number of check-outs a account set access must have before it is displayed in this report.
Display command details	If checked, the report will display the details of the commands executed.
Saved command	Choose one of the following options: (All): all commands (default) Yes : saved commands only No : commands not saved Deleted : only commands that were deleted
Command	Enter the commands executed with the account set access.
Command Creator ID	Type a comma-and-space-delimited list of "command creator IDs" or leave it blank to search all command creators. Alternatively, search for one or more command creator IDs.
Shared command	When commands are created, they can be shared with other users, or kept personal. Choose one of the following options: (All): all commands (default) Yes : shared commands only No : personal commands only

Account set access command execution log

Purpose: Provides information about commands that have been executed in account sets.

Executable: maqcommandlog

Table 10. Account set access command execution log report search criteria

Criteria	Description
Account set ID	Type a comma-and-space-delimited list of account set IDs to include in the report. Leave the field blank to return all of the account sets or alternatively, search for one or more account set IDs.
Managed system policy ID	Type a comma-and-space-delimited list of managed system policy IDs to include in the report. Leave the field blank to search on all managed system policies or alternatively, search for one or more managed system policy IDs.
Search time by	Select whether to run the report based on the following: Do not search by time Request time Check-out time Command queue time
Specify time	If searching by time, specify a date range.
Time range	If Search time by is set to "Check-out time", specify a time range: Time range not required : This is the default setting. Information is listed regardless of start time. Use time range: Information is only included in the report output if the start time falls within the start time range. Use the: Start time field to select the earliest time to include. End time field to select the latest time to include.
Recipient ID	Type the profile ID of the recipient for whom you want to run the report. The recipient is the person who executed the command. Alternatively, search for one or more profile IDs.
Saved command	Choose one of the following options: (All): all commands (default) Yes : saved commands only No : commands not saved Deleted : only commands that were deleted
Command Creator ID	Type a comma-and-space-delimited list of "command creator IDs" or leave it blank to search all command creators. Alternatively, search for one or more command creator IDs.
Command	Enter the commands executed with the account set access.
Shared command	When commands are created, they can be shared with other users, or kept personal. Choose one of the following options: (All): all commands (default) Yes : shared commands only No : personal commands only
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, search for one or more managed systems.
Managed account	Search for one or more managed accounts you want to report on. Alternatively, you can type a managed account ID or a pattern of managed account IDs using wildcard characters, ’*’ representing any string of characters and ’?’ representing any single character.
Results	Select one or more of the following options (by default, all are included): Abort Success Waiting to process request Fail

Privileged access frequency analysis

Purpose: This report allows you to see how often privileged access is being checked out.

Executable: pamfrequencyanalysis

Table 11. Privileged access frequency analysis report search criteria

Criteria	Description
Profile attribute	Define at least one profile attribute, up to a maximum of 4 attributes. Only attributes that can be displayed in reports are available.
Minimum number of users with the same values for each of the specified attributes	The minimum number of requesters/recipients checking out privileged access that matches the profile attribute requirement. Default value is 1.
Include managed accounts	Select this option to see information about single account check-outs.
Minimum number of managed accounts in cluster	The minimum number of single accounts meeting the threshold. This option is only available when Include managed accounts is selected.
Minimum threshold for managed accounts (%)	The minimum percentage of users checking out a particular single account out of the total number of users checking out at least one single account. This option is only available when Include managed accounts is selected.
Include group sets	Select this option to see information about group set check-outs.
Minimum number of group sets in cluster	The minimum number of group sets meeting the threshold. This option is only available when Include group sets is selected.
Minimum threshold for group sets (%)	The minimum percentage of users checking out a particular group set out of the total number of users checking out at least one group set. This option is only available when Include group sets is selected.
Include account sets	Select this option to see information about account set check-outs.
Minimum number of account sets in cluster	The minimum number of account sets meeting the threshold. This option is only available when Include account sets is selected.
Minimum threshold for account sets (%)	The minimum percentage of users checking out a particular account set out of the total number of users checking out at least one account set. This option is only available when Include account sets is selected.
Choose check-out date	Choose a date range to define the check-out date:
Show summary	Summarizes the report. This includes the percentage of users checking out privileged access based on the specified attributes, how many of each privileged access type is checked out, and how many of each privileged access type do not meet the minimum threshold.

Access disclosure plugins execution

Purpose: This report returns details of access disclosure plugin executions, including their attributes, who used the access and when.

Executable: pluginexecution

Table 12. Access disclosure plugins execution report search criteria

Criteria	Description
Date	Choose a date range to define the check-out date:
Time range	Choose a time range: Time range not required : This is the default setting. Information is listed regardless of start time. Use time range: Information is only included in the report output if the start time falls within the start time range. Use the: Start time field to select the earliest time to include. End time field to select the latest time to include.
Plugin file name	Select access disclosure plugins: guacamole-rdp guacamole-ssh guacamole-telnet guacamole-vnc pswcmdrun pswxcmd.cab pswxcopy.cab pswxdom.cab pswxtsvc.cab pswxview.cab pswxwebapp securebrowser <any custom disclosure plugins>
User ID	Type a comma-and-space-delimited list of user IDs. Alternatively, search to find the matching user.
Managed system ID	Type a comma-and-space-delimited list of managed system IDs. Alternatively, search to find the matching managed systems.
Account	Enter the ID of the account.
Filter by attribute	Select to filter results based on a specific plugin attribute.
Attribute name	Type a specific plugin attribute. This field only appears if Filter by attribute is selected.
Comparator	Select a comparator: is empty is not empty is equal to This field only appears if Filter by attribute is selected.
Attribute value	Specify an attribute value to filter against. This field only appears if Comparator is set to ‘is equal to’.
Display attributes	By default, this option is checked. Uncheck this to show the report without plugin attribute names and values.

Click below to view a demonstration.

Manual password randomization batches

Purpose: List the randomization results of managed account passwords performed manually.

Executable: mngdaccountpwdstatus

Table 13. Manual password randomization batches report search criteria

Criteria	Description
Integration direction	Choose whether to display push mode or local service mode accounts.
Initiator ID	Type a comma-and-space-delimited list of IDs of users who initiated a password randomization. Alternatively, search to find matching initiators.
Date of randomization	Choose a date range during which randomization occurred.
Managed system policy ID	Type a comma-and-space-delimited list of managed system policy IDs. Alternatively, search to find the matching managed system policies.
Managed system ID	Type a comma-and-space-delimited list of managed system IDs. Alternatively, search to find the matching managed systems.
Managed account	Search for one or more managed accounts you want to report on. Alternatively, you can type a managed account ID or a pattern of managed account IDs using wildcard characters, ’*’ representing any string of characters and ’?’ representing any single character.
Account attribute to display	Select an account attribute to be included in the report. You can specify up to 3 account attributes.
Manual password randomization batches	Choose whether to display all results, only successes, or only errors.
Summarize report	Select this checkbox to display a summarized report. In this mode, available search criteria are ’Managed system policy’, ’Managed system’, ’Managed system with account’ and ’Initiator’.

Password change history

Purpose: Audit of password changes on managed accounts.

Executable: passwordhistory

Table 14. Password change history report search criteria

Criteria	Description
Password type	Choose which password change type to include in the report: (All): is the default which includes Overridden and Randomized Overridden : user defined passwords such as overrides Randomized : system defined passwords such as randomizations and password check-ins.
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, search for one or more managed systems. The Advanced search has the following search criteria available: Address : type a managed system address Description : type a managed system description ID : type a managed system ID
Managed account	Search for one or more managed accounts you want to report on. Alternatively, you can type a managed account ID or a pattern of managed account IDs using wildcard characters, ’*’ representing any string of characters and ’?’ representing any single character.
Date of password change	Choose a date range to define the date of password change interval:
Password set by	Type a comma-and-space-delimited list of user IDs for product administrators or IDM Suite Automation users representing actions taken by services. Alternatively, search for one or more user IDs.
Deleted	Managed accounts are marked as deleted in this report when the target system still exists but is no longer managed by Bravura Privilege . Choose to include password changes for deleted managed accounts in the report: (All): is the default which includes password changes for all accounts No : includes only password changes for accounts that have not been deleted {report}Yes : includes only password changes for accounts that have been deleted
Summarize report	Select this checkbox to display a summarized report.

Orchestrations

Purpose: Summary and detailed view of past orchestrations.

Executable: orchestrations

Table 15. Orchestestrations report search criteria

Criteria	Description
Orchestation ID	Type the GUID of an orchestration you want to include in the report.
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, search for one or more managed systems. The Advanced search has the following search criteria available: Address : type a managed system address Description : type a managed system description ID : type a managed system ID
Managed system description	Type the description of a managed system to include in the report.
Managed account	Search for one or more managed accounts you want to report on. Alternatively, you can type a managed account ID or a pattern of managed account IDs using wildcard characters, ’*’ representing any string of characters and ’?’ representing any single character.
Exclude successful orchestrations	Select this checkbox to omit successful orchestrations from the report.
Exclude failed orchestrations	Select this checkbox to omit failed orchestrations from the report.
Exclude outstanding orchestrations	Select this checkbox to omit outstanding orchestrations from the report.
Choose start date	Choose a date range to define the start date.
Choose end date	Choose a date range to define the end date.
Summarize report	Select this checkbox to display a summarized report.

Privileged password expiration

Purpose: Reports Managed accounts whose passwords are due to be changed.

Executable: expiredpassword

Table 16. Privileged password expiration report search criteria

Criteria	Description
Managed system policy ID	Type a comma-and-space-delimited list of managed system policy IDs to include in the report. Alternatively, search for one or more policies.
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, search for one or more managed systems.
Managed system description	Type the description of a managed system to include in the report.
Managed account	Search for one or more managed accounts you want to report on. Alternatively, you can type a managed account ID or a pattern of managed account IDs using wildcard characters, ’*’ representing any string of characters and ’?’ representing any single character.
Expired password time	Choose a date range to define the expired password time:

Managed system accounts status

Purpose: Managed systems accounts and their status.

Executable: managedsystemsaccounts

Table 17. Managed system accounts status report search criteria

Criteria	Description
Status	Select a status from the drop-down list: All Managed Unmanaged
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, you can search for one or more managed systems.
Managed system description	Type the description of a managed system to include in the report.
Managed account	Type the ID of a managed account to include in the report.
Operation to perform for check-out and check-in	Select one or more operations: Password SSH key

Managed account status

Purpose: Status, including last connection time, last password change and last check-out, of managed systems and accounts.

Executable: discoveredaccountstatus

Table 18. Managed account status report search criteria

Criteria	Description
Status	Select a status from the drop-down list: All Managed automatically or manually Managed manually Managed automatically Unmanaged
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, you can search for one or more managed systems.
Managed system description	Type the description of a managed system to include in the report.
Last connect time	Choose a date range for the last connect time.
Discovered account	Type the ID of a discovered account to include in the report
Include invalid accounts	Select this checkbox to include invalid accounts in the report.
Account attribute to display	Select one of the attributes from the drop-down list. The value of that attribute will be displayed in the report.
Last password change	Choose a date range for the last password change.
Last check-out time	Choose a date range for the last check-out time.
Operation to perform for check-out and check-in	Select one or more operations: Password SSH key

Session recording details

Administrators must belong to a user group with permission to run reports on particular managed system policies.

Purpose: Quantity and type of data captured in recorded sessions.

Executable: smondata

Table 19. Session recording details report search criteria

Criteria	Description
Access	Type the ID of an account to include in the report.
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, you can search for one or more managed systems.
Managed system description	Type the description of a managed system to include in the report.
Monitored user	Type the profile ID to include in the report. Alternatively, you can search for one or more profile IDs.
User device	Type the ID of the workstation from which the session started.
Choose date range	Specify a date range for data collection.

Session recording summary

Administrators must belong to a user group with permission to run reports on particular managed system polices.

Purpose: Provides summary information on recorded sessions

Executable: smonstats

Table 20. Session recording summary report search criteria

Criteria	Description
Access	Type the ID of an account to include in the report.
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, you can search for one or more managed systems.
Managed system description	Type the description of a managed system to include in the report.
Monitored user	Type the profile ID to include in the report. Alternatively, you can search for one or more profile IDs.
User login	Type the ID of the user who was logged on to the workstation from which the session started.
User device	Type the ID of the workstation from which the session started.
Choose date range	Specify a date range for data collection.
Session status	Select the status of sessions to include in the report: Active Closed Stale Terminated

Recorded session package information

Administrators must belong to a user group with permission to run reports on particular managed system policies.

Purpose: Details of recorded session packages.

Executable: smonpackageinfo

Table 21. Recorded session package information report search criteria

Criteria	Description
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, you can search for one or more managed systems.
User device	Type the name of the workstation from which the package request was sent.
User device IP address	Type the IP address of the workstation from which the package request was sent.
Requester ID	Type a comma-and-space-delimited list of Profile IDs of requesters to include in the report. Alternatively, search for one or more requesters.
Status	Select the status of packages to include in the report.
Requested time	Specify a date range for requests for packages.

Sessmon sessions

Purpose: Current and historical usage and termination of sessmon sessions.

Executable: passworddisclosure

Table 22. Sessmon sessions report search criteria

Criteria	Description
Recipient ID	Type the ID of the user checking out a managed account. Alternatively, you can search for one or more profile IDs.
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, you can search for one or more managed systems.
Account	Search for one or more accounts you want to report on. Alternatively, you can type an account ID or a pattern of account IDs using wildcard characters, ’*’ representing any string of characters and ’?’ representing any single character.
Operation to perform for check-out and check-in	Select one or more operations: Group set Password SSH key
User device	Type a comma-and-space-delimited list of IDs of workstation computers or other devices from which a session was started.
User login	Type a comma-and-space-delimited list of IDs of device users that started a session.
Start time	Specify a date range from when sessions started.
Duration minimum	Type a minimum session duration in the format HH:mm:ss.
Duration maximum	Type a maximum session duration in the format HH:mm:ss.
Session status	Select a session status to include in the report. By default, all are included. Any Active Terminated by administrator request Terminated by automatic check-in Terminated because tampering was detected Shutdown by user Stranded from session monitoring
Plugin file name	Select one or more access disclosure plugins: `guacamole-rdp` `guacamole-remote-app` `guacamole-ssh` `guacamole-telnet` `guacamole-vnc` `pswxcmd.cab` `pswxdom.cab` `pswxtsvc.cab` <any custom disclosure plugins>

Sessions disconnected

Administrators must belong to a user group with permission to run reports on particular managed system policies.

Purpose: Report Bravura Security Fabric sessions that disconnected either by users or by administrators.

Executable: smondisconnected

Table 23. Sessions disconnected report search criteria

Criteria	Description
Disconnection cause	Select the cause of session disconnected to include in the report: (All) Terminated by administrator request Shutdown by user
Administrator ID	Type a comma-and-space-delimited list of IDs of administrators to include in the report. Alternatively, search for one or more requesters. This option does not appear when the Disconnection cause is set to "Shutdown by user".
Monitored user	Type a comma-and-space-delimited list of Profile IDs of requesters to include in the report. Alternatively, search for one or more requesters.
Managed system ID	Type a comma-and-space-delimited list of IDs for managed systems you want to include in the report. Alternatively, you can search for one or more managed systems.
Managed system description	Type the description of a managed system you want to include in the report.
Access	Search for one or more accounts you want to report on. Alternatively, you can type an account ID or a pattern of account IDs using wildcard characters, ’*’ representing any string of characters and ’?’ representing any single character.
Start date	Specify a date range from when sessions started.
Operation to perform for check-out and check-in	Select one or more operations: Group set Password SSH key

In this section:

Privileged access operations reports

Managed account check-outs / check-ins

Users with many managed account check-outs

Group sets check-outs / check-ins

Users with many group set check-outs

Group set check-in failures

Group set excess memberships

Account set check-outs/check-ins

Users with many account set check-outs

Account set access and commands usage

Account set access command execution log

Privileged access frequency analysis

Access disclosure plugins execution

Manual password randomization batches

Password change history

Orchestrations

Privileged password expiration

Managed system accounts status

Managed account status

Session recording details

Session recording summary

Recorded session package information

Sessmon sessions

Sessions disconnected

Search results