Does Security Center use sys_user Audit data

Geoff_T
Mega Sage

I am reviewing audit data for the sys_user table. Are there any fields that the Security Center pulls from sys_audit related to the user table, like last_login_time or last_login_device for example? Wondering about the impact, if any, in the event auditing was excluded for these fields.


Thanks

1 ACCEPTED SOLUTION

-O-
Kilo Patron

OOB, unless something changed in Xanadu or by some plug-in, sys_user is not audited.

Good point, so by this theory there wouldn't be a dependency on them, right?

Well, even if the fields are not audited (and so there is no tracking of changes), the latest/current values could still be valuable.

E.g. single out active accounts that have high-privileged roles but have not logged in for a while?

Perhaps someone forgot to deactivate the admin account of a contractor or ex-employee?
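
The check suggested in the reply above, as an added example that is not part of the original thread or of Security Center: it reads only the current `active` and `last_login_time` values, so it does not depend on sys_audit. The sample rows, the privileged role list and the 90-day threshold are assumptions.

```javascript
// Constructed sample rows, shaped like sys_user and sys_user_has_role exports
// with role display names (an assumption about how the data was pulled).
const users = [
  { sys_id: 'u1', user_name: 'alice.admin', active: 'true', last_login_time: '2024-10-28 09:15:00' },
  { sys_id: 'u2', user_name: 'contractor.bob', active: 'true', last_login_time: '2024-03-02 17:40:11' },
  { sys_id: 'u3', user_name: 'svc.never', active: 'true', last_login_time: '' },
  { sys_id: 'u4', user_name: 'ex.employee', active: 'false', last_login_time: '2023-12-01 08:00:00' },
  { sys_id: 'u5', user_name: 'itil.carol', active: 'true', last_login_time: '2024-01-05 10:00:00' },
];
const userRoles = [
  { user: 'u1', role: 'admin' }, { user: 'u2', role: 'admin' },
  { user: 'u3', role: 'security_admin' }, { user: 'u4', role: 'admin' },
  { user: 'u5', role: 'itil' },
];
// Assumption: which roles count as high-privileged is a local policy choice.
const PRIVILEGED = new Set(['admin', 'security_admin']);
const DAY_MS = 24 * 60 * 60 * 1000;

// Values are assumed to be UTC 'YYYY-MM-DD HH:mm:ss'; empty means never logged in.
function parseGlideUtc(value) {
  if (!value) return null;
  const t = Date.parse(value.replace(' ', 'T') + 'Z');
  return Number.isNaN(t) ? null : t;
}

// Active users holding a privileged role whose last login is missing or too old.
function findStalePrivileged(users, userRoles, now, maxIdleDays) {
  const rolesByUser = new Map();
  for (const r of userRoles) {
    if (!PRIVILEGED.has(r.role)) continue;
    if (!rolesByUser.has(r.user)) rolesByUser.set(r.user, []);
    rolesByUser.get(r.user).push(r.role);
  }
  const findings = [];
  for (const u of users) {
    const roles = rolesByUser.get(u.sys_id);
    if (u.active !== 'true' || !roles) continue;
    const last = parseGlideUtc(u.last_login_time);
    const idleDays = last === null ? null : Math.floor((now - last) / DAY_MS);
    // idleDays === null (never logged in) is reported as well.
    if (idleDays === null || idleDays > maxIdleDays) {
      findings.push({ user_name: u.user_name, roles, idleDays });
    }
  }
  return findings;
}

const NOW = Date.parse('2024-11-01T00:00:00Z'); // fixed so the output is repeatable
console.log(findStalePrivileged(users, userRoles, NOW, 90));
```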

I think you are misinterpreting my question, or maybe I'm not clear; however, your comment about sys_user not being audited out of box probably answers my query.

I'm specifically asking does Security Center utilize any audit data from sys_user. I'm thinking about no longer auditing a bunch of fields (that currently are), so I'm wondering what other 'process', plugin or whatever might be consuming the data I'm about to exclude.