Does Security Center use sys_user Audit data

Geoff_T · ‎08-07-2024

I am reviewing audit data for sys_user table. Are there any fields that the Security Center pulls from sys_audit related to user table like last_login_time or last_login_device for example; wondering impact if any in the event auditing was excluded for these fields?

Thanks

-O- · ‎08-07-2024

OOB, unless something changed in Xanadu or by some plug-in, sys_user is not audited.

View solution in original post

-O- · ‎08-07-2024

OOB, unless something changed in Xanadu or by some plug-in, sys_user is not audited.

Geoff_T · ‎08-07-2024

Good point, so by this theory there wouldn't be a dependency on them right.

-O- · ‎08-07-2024

Well, even if the fields are not audited (and so there is no tracking of changes), the latest/current values could still be valuable.

E.g. single out active accounts that have a high privileged roles but have not logged in since a while?

Perhaps someone forgot to de-activate the admin account of a contractor, or ex. employee?

Geoff_T · ‎08-07-2024

I think you are mis-interpreting my question or maybe I'm not clear, however your comment about sys_user not being audited out of box probably answers my query.

I'm specifically asking does Security Center utilize any audit data from sys_user. I'm thinking about no longer auditing a bunch of fields (that currently are), so I'm wondering what other 'process', plugin or whatever might be consuming the data I'm about to exclude.