10/27/2023 05:51 AM
Hi Team
We need to create SIEM analytics that will fetch the data for Credential-less sessions taken via Saviynt CPAM.
But whenever a session is taken and a task is created/completed, nowhere in the task is it mentioned as Credential-less to differentiate between a normal password check out and a credential-less session.
Is there any way we can fetch this data?
Please do let me know.
Thanks
Aryan
11/01/2023 08:22 AM
@aryan9975 Thanks for posting your question. This info has to be extracted from the accountConfig parameter of the account object. Please try it out in your query and let us know how it goes.
Here is a sample accountConfig for both Credentials and Credentialless types:
Credentialless:
{"defaultrequestabletimeforidinsecs":"120000","defaultrequestabletimeinsecs":"120000","maxrequestabletimeinsecs":"120000","diffbetweenrequests":"0","authenticationType":"","maxrequestabletimeforidinsecs":"120000","Saviynt-Status":{"showPassword":"ENABLED","pamState":"ENABLED","pamType":"CREDENTIALLESS","errorDetails":""},"ffidAlertTime":"0"}
Credentials:
{"defaultrequestabletimeforidinsecs":"","defaultrequestabletimeinsecs":"129600","maxrequestabletimeinsecs":"129600","diffbetweenrequests":"","authenticationType":"","maxrequestabletimeforidinsecs":"","Saviynt-Status":{"pamState":"ENABLED","pamType":"CREDENTIAL","errorDetails":"","justInTime":""}}
And here is a sample query extracting the value.
select accts.ACCOUNTCONFIG ->> '\$."Saviynt-Status".pamType' as 'Session Type' from accounts accts where accts.endpointkey = 1;
Thanks,
Nagesh K
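The lookup described in the reply above, done on the SIEM side instead of in SQL. This is an added example, not code from the post or from Saviynt: it assumes rows were exported from the accounts table as (account key, ACCOUNTCONFIG) pairs, and the account keys and the NO_PAM_STATUS / UNPARSEABLE / UNKNOWN labels are hypothetical.

```python
import json
from collections import Counter

# Constructed sample rows. The first two JSON bodies are trimmed copies of the
# samples in the post; the account keys and the remaining rows are made up.
SAMPLE_ROWS = [
    (101, '{"maxrequestabletimeinsecs":"120000","Saviynt-Status":'
          '{"showPassword":"ENABLED","pamState":"ENABLED",'
          '"pamType":"CREDENTIALLESS","errorDetails":""}}'),
    (102, '{"maxrequestabletimeinsecs":"129600","Saviynt-Status":'
          '{"pamState":"ENABLED","pamType":"CREDENTIAL","errorDetails":""}}'),
    (103, '{"maxrequestabletimeinsecs":"129600"}'),  # no Saviynt-Status block
    (104, None),                                     # empty ACCOUNTCONFIG column
    (105, '{"Saviynt-Status":'),                     # truncated JSON
]

# The two pamType values shown in the post.
KNOWN_TYPES = {"CREDENTIALLESS", "CREDENTIAL"}


def pam_type(account_config):
    """Return the pamType of one ACCOUNTCONFIG value, or a sentinel label."""
    if not account_config:
        return "NO_PAM_STATUS"
    try:
        cfg = json.loads(account_config)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        return "UNPARSEABLE"
    status = cfg.get("Saviynt-Status") if isinstance(cfg, dict) else None
    if not isinstance(status, dict):
        return "NO_PAM_STATUS"
    value = str(status.get("pamType") or "").strip().upper()
    return value if value in KNOWN_TYPES else "UNKNOWN"


def build_lookup(rows):
    """Map account key -> session type label, for enriching SIEM events."""
    return {key: pam_type(cfg) for key, cfg in rows}


def summarize(rows):
    """Count accounts per label so unexpected values stand out."""
    return Counter(build_lookup(rows).values())


if __name__ == "__main__":
    for key, label in build_lookup(SAMPLE_ROWS).items():
        print(key, label)
    print(dict(summarize(SAMPLE_ROWS)))
```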
11/09/2023 10:59 PM
Hello Nagesh
The thing you mentioned above is for Account config.
I want to highlight credential-less for a session taken by a user.