08-07-2024 04:38 AM
I am reviewing audit data for the sys_user table. Are there any fields that Security Center pulls from sys_audit related to the user table, like last_login_time or last_login_device for example? I'm wondering about the impact, if any, in the event auditing was excluded for these fields.
Thanks
08-07-2024 05:22 AM
OOB, unless something changed in Xanadu or by some plug-in, sys_user is not audited.
08-07-2024 05:42 AM
Good point, so by this theory there wouldn't be a dependency on them, right?
08-07-2024 08:19 AM
Well, even if the fields are not audited (and so there is no tracking of changes), the latest/current values could still be valuable.
E.g. single out active accounts that have high-privileged roles but have not logged in for a while?
Perhaps someone forgot to de-activate the admin account of a contractor, or ex-employee?
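
The check suggested in the reply above, as an added example that is not part of the original thread or any ServiceNow code: it runs over constructed rows shaped like sys_user and sys_user_has_role records and flags active accounts with a privileged role that have no recent (or no recorded) login. The role list, the 90-day threshold, the sample data and the function names are assumptions; role references are simplified to role names.

```javascript
// Constructed sample rows shaped like sys_user and sys_user_has_role records.
// last_login_time is the field named in the thread; all values are made up.
const users = [
  { sys_id: 'u1', user_name: 'alice.admin',  active: 'true',  last_login_time: '2024-08-01 09:15:00' },
  { sys_id: 'u2', user_name: 'contractor.x', active: 'true',  last_login_time: '2024-01-10 14:02:00' },
  { sys_id: 'u3', user_name: 'svc.never',    active: 'true',  last_login_time: '' },
  { sys_id: 'u4', user_name: 'ex.employee',  active: 'false', last_login_time: '2023-11-30 08:00:00' },
  { sys_id: 'u5', user_name: 'bob.itil',     active: 'true',  last_login_time: '2023-12-01 10:00:00' },
];
const roleGrants = [
  { user: 'u1', role: 'admin' }, { user: 'u2', role: 'security_admin' },
  { user: 'u3', role: 'admin' }, { user: 'u4', role: 'admin' }, { user: 'u5', role: 'itil' },
];

// Parse 'YYYY-MM-DD HH:mm:ss' as UTC; return null for empty or invalid values.
function parseUtc(value) {
  if (!value) return null;
  const ms = Date.parse(value.replace(' ', 'T') + 'Z');
  return Number.isNaN(ms) ? null : ms;
}

// Return active users holding a privileged role whose last login is older
// than maxIdleDays, or who have never logged in (empty last_login_time).
function findStalePrivilegedUsers(users, roleGrants, privilegedRoles, now, maxIdleDays) {
  const privileged = new Map(); // sys_id -> privileged roles held
  for (const g of roleGrants) {
    if (!privilegedRoles.includes(g.role)) continue;
    if (!privileged.has(g.user)) privileged.set(g.user, []);
    privileged.get(g.user).push(g.role);
  }
  const cutoff = now.getTime() - maxIdleDays * 86400000;
  const findings = [];
  for (const u of users) {
    if (u.active !== 'true' || !privileged.has(u.sys_id)) continue;
    const last = parseUtc(u.last_login_time);
    if (last !== null && last >= cutoff) continue; // recent login, not stale
    findings.push({ user_name: u.user_name, roles: privileged.get(u.sys_id),
      reason: last === null ? 'never_logged_in' : 'idle',
      idle_days: last === null ? null : Math.floor((now.getTime() - last) / 86400000) });
  }
  return findings;
}

const report = findStalePrivilegedUsers(users, roleGrants, ['admin', 'security_admin'],
  new Date('2024-08-07T12:00:00Z'), 90);
console.log(report);
```

This reads only current field values, so it does not depend on sys_audit history for those fields.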
08-07-2024 12:02 PM
I think you are misinterpreting my question, or maybe I'm not clear; however, your comment about sys_user not being audited out of box probably answers my query.
I'm specifically asking does Security Center utilize any audit data from sys_user. I'm thinking about no longer auditing a bunch of fields (that currently are), so I'm wondering what other 'process', plugin or whatever might be consuming the data I'm about to exclude.