Audit admin user activities

Go to solution
Gugu M
Tera Expert

‎07-23-2024 07:48 AM - edited ‎07-23-2024 07:49 AM

Hi all. Is there a way to track all (or as much as possible) admin users' activities? Examples of these may include provisioning of access, resetting of passwords, modification of access including amendment of roles, termination of access, configuration changes, migration of changes into production environment, ability to amend audit logs, logon and failed logon attempts, changes to privilege allocations, changes to security configurations. To have all these events tracked in one place and be able to report on the data as to who, what, when the changes were made?

All help will be appreciated

Thank you

0 Helpfuls
  • 1,592 Views
1 ACCEPTED SOLUTION

Go to solution
Gugu M
Tera Expert

‎08-27-2024 01:53 AM

Hi all, 

 

The solution I applied eventually was using BRs to capture various activities happening and log these into a custom table to track them accordingly. For events that are captured in the sysevent table on which there is limitations in querying the table via BRs I used script actions.

 

Thanks all for the guidance

 

Regards

View solution in original post

0 Helpfuls
3 REPLIES 3

Go to solution
Mahathi
Mega Sage
Mega Sage

‎07-23-2024 08:02 AM - edited ‎07-23-2024 08:03 AM

Hi @Gugu M ,

In my opinion, the best way is to create an assignment group for ServiceNow Administration and track all of the above activities in the Incident module.

Slowly as time progresses, you will get an idea on how many incidents you receive around each of them and that can help you automate certain processes using catalog flows.


If my answer helped in any way, please mark it as Correct & 👍Helpful

Thanks,

Mahathi

0 Helpfuls

Go to solution
Satishkumar B
Giga Sage
Giga Sage

‎07-23-2024 08:19 AM

Hi @Gugu M 
refer this:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0749943
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0564981
https://www.servicenow.com/community/developer-forum/audit-a-user-s-activity-in-servicenow/td-p/2339...

……………………………………………………………………………………………………

Please Mark it helpful and Accept Solution!! If this helps you to understand. 



0 Helpfuls

Go to solution
Gugu M
Tera Expert

‎08-27-2024 01:53 AM

Hi all, 

 

The solution I applied eventually was using BRs to capture various activities happening and log these into a custom table to track them accordingly. For events that are captured in the sysevent table on which there is limitations in querying the table via BRs I used script actions.

 

Thanks all for the guidance

 

Regards

0 Helpfuls