Triggering logging when the role has elevated
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 hours ago
The requirement is to trigger the logging as soon has a role that he has elevated to log what operation he will do during its elevated period.
I had found the following
For a script to ensure the notification only triggers for a specific role (e.g., "wm_admin"), use:
if (event.parm2 == 'wm_admin') {
answer = true;
} else {
Thank you
answer = false;
}
This approach avoids unnecessary database queries and ensures the notification or logging only occurs for the intended role elevation
- Labels:
-
Now Assist for SecOps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 hours ago
Hi Sylvain,
When a user has elevated their role to security admin, an entry is created in the sysevent table.
Unfortunately, the sysevent table is on a daily rotation and these event records will only be available for a week. One way of preserving this data is to create a scheduled job to search for these records in the sysevent table once a week to copy these records to another table to store them in a more permanent basis.
Ref: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0789965
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
an hour ago
Yes I know that.
What is required is when as users of a role has elevated it to use an 'Admin' privilege that the logging is triggered for the commands he will be performing for the the elevation period.
Her is the statement requiring that logging that we need to comply
-
7. All Changes (sensitive) are logged, auditable with timestamp, User ID and change record.
-
Thank you
Sylvain
438 406-1854
