Monitoring_reporting - sandersdHES/PAMEmergingTech GitHub Wiki
7. Monitoring and auditing
7.1 Audits
- Resource Audit
  - All activities related to privileged accounts and passwords, resources, resource groups, sharing, and password policies.
- User Audit
  - All user operations, providing detailed tracking of user activities.
- Task Audit
  - Records of all scheduled tasks created and executed, providing detailed tracking of task executions.
- User Sessions
  - Records of all operations performed by users during their active sessions, providing detailed tracking of user activities.
  - Can be viewed by selecting a particular user session on a specific date or within a specific date range.
  - Administrators also have the option to terminate any active user session.
- Recorded Server Connections
  - All the recorded remote sessions.
  - You can search for the desired recorded sessions using details such as resource name, account name, or time stamp.
  - To view a recorded session, click the Play icon beside the desired recording and use the Seek bar to skip parts of the session as needed.
- All logs are also stored locally. For more details, check the following documentation
7.2 Dashboards
- Password Dashboard

| Element | Explanation | Use Case |
| --- | --- | --- |
| Total Passwords | Total count of privileged passwords stored in PAM360. | Gauge scale of privileged access landscape; verify that all critical systems are covered. |
| Expired Passwords | Count of passwords past their expiry date. | Proactively rotate expired credentials to avoid access disruptions or security risks. |
| Policy Violations | Passwords violating configured complexity or rotation rules. | Enforce internal security policies; identify and remediate weak or non-compliant credentials. |
| Conflicting Passwords | Mismatches between PAM360-stored passwords and actual credentials on systems. | Prevent broken access flows or automation; detect unauthorised manual changes. |
| Password Distribution | Visual categorisation of passwords by resource type (Windows, Linux, DB, etc.). | Analyse risk exposure; focus compliance checks on most represented system types. |
| Password Activity | Log of recent password-related operations. | Trace actions for auditing; identify unusual behaviour such as frequent retrievals or unexpected edits. |
| Resource Audit – Live Feed | Real-time log of password operations and resource access events. | Monitor current activity to respond quickly to anomalies, misuse, or access abuse. |
| Favorites and Recent | Quick-access section for commonly or recently used credentials/resources. | Improve admin efficiency; simplify repetitive or daily access. |
| Active Privileged Sessions | List of live sessions initiated via PAM360. | Enable live monitoring and, if needed, termination of sessions to mitigate threats or mistakes. |

- User Dashboard

| Element | Explanation | Use Case |
| --- | --- | --- |
| User Activity | Overview of recent user actions (retrievals, check-ins, edits, etc.). | Track user behaviour and detect abnormal activity (e.g., users accessing new or unusual resources). |
| Role Distribution | Breakdown of user roles in the system (Admin, Auditor, etc.). | Support access governance by identifying imbalanced privilege distributions. |
| Active User Sessions | List of users currently logged into PAM360. | Live visibility into who is accessing the system, when, and from where. |
| User Audit – Live Feed | Real-time activity log capturing user events such as logins, password actions, and settings changes. | Detect policy violations or insider threats as they happen. |
| Most Active Users | Users with highest activity levels (e.g., number of sessions, retrievals). | Identify power users or potential overuse/abuse cases; helps in prioritising user reviews and support. |

- Keys Dashboard

| Element | Explanation | Use Case |
| --- | --- | --- |
| SHA-1 Certificates | Lists all certificates using the outdated SHA-1 hashing algorithm, which is no longer considered secure. | Helps administrators identify certificates that need to be upgraded to SHA-256 or stronger, reducing vulnerability to spoofing and other cryptographic attacks. |
| 1024 Bit and Smaller Keys | Highlights RSA and other keys that are ≤1024 bits in length, which are highly susceptible to brute-force attacks. | Enables security teams to prioritise replacement of weak keys with stronger ones (e.g., 2048 or 4096-bit), aligning with best practices and compliance standards like NIST or PCI-DSS. |
| Last Rotation Failed | Flags key rotation attempts that failed, which may leave critical keys unrotated and increase risk. | Prompts immediate investigation and corrective action to ensure key rotation processes are functioning as expected and reduce exposure to stale cryptographic material. |
| Keys Not Rotated in Last 30 Days | Shows keys that haven't been rotated in over 30 days, potentially violating policy or increasing the attack surface. | Allows admins to schedule or enforce rotation of keys regularly, meeting internal policies or external compliance mandates, and avoiding long-term key reuse vulnerabilities. |
| Certificate Authority | Displays details about certificates issued by different CAs (Certificate Authorities) in the environment. | Helps organisations monitor CA trust chains, detect reliance on untrusted CAs, and manage internal vs external issuance, ensuring all digital identities are validated by approved authorities. |
| Certificate Expiry | Provides expiry timelines for all certificates, enabling proactive renewal. | Prevents downtime or security warnings due to expired certificates; admins can schedule renewals in advance and automate alerts for expiring certificates. |
| License Details | Shows usage stats of the PAM360 licensing model, including counts of SSL certs, SSH keys, and key stores. | Enables planning and scaling—admins can assess if they’re nearing license limits and plan upgrades or cleanups accordingly to optimise PAM360 usage. |
| Vulnerabilities | Detects cryptographic vulnerabilities (e.g., weak cipher suites, POODLE SSL, revoked certificates). | Security teams can act on flagged risks, running remediation efforts (e.g., disabling weak cipher suites or revoking compromised certs) to ensure system-wide cryptographic hygiene and reduce risk of exploitation. |
| SSH Key Summary | Overview of SSH keys: total, unused, unique, or duplicated keys, helping assess key sprawl and hygiene. | Enables reduction of SSH key clutter, removal of orphaned keys, and enforcement of least-privilege principles by reviewing SSH key deployments and access paths. |
| Operation Audit | Full audit trail of key and certificate events—generation, distribution, rotation, revocation, etc. | Ensures transparency and accountability in key life cycle management; supports internal audits, external compliance checks (e.g., ISO 27001, SOX), and forensic investigations in case of incident. |

- Security Dashboard

| Element | Explanation | Use Case |
| --- | --- | --- |
| Inactive Users | Number of users who haven't logged in or used PAM360 in the last x days. | Helps identify and deactivate dormant accounts, reducing the attack surface and complying with account lifecycle policies. |
| Non-MFA Users | Count of users not using Multi-Factor Authentication (MFA). | Highlights users with weaker authentication methods. Administrators can enforce MFA for better access security. |
| Non-Synchronized Users | Users whose account credentials are not synchronized with external authentication systems (like LDAP/AD). | Ensures user directory integrity and reduces the risk of local-only credentials being exploited. |
| Users with Local Authentication | Users logging in via local credentials instead of centralized identity providers. | Identifies users bypassing federated or directory-based authentication for better visibility and risk mitigation. |
| Security Hardening Score | A visual percentage reflecting the overall security posture based on configured best practices. | Quickly assess how secure the PAM360 environment is; serves as a metric to guide future security improvements. |
| Security Assessment Posture – Server Tab | A checklist of system-level configurations related to encryption, protocols, backup, key storage, and more. Icons indicate pass, warning, or failure. | Helps assess and guide compliance with secure deployment practices—e.g., TLS enforcement, key storage, HTTPS usage, and backup configuration. |

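
The Keys Dashboard categories above (SHA-1 certificates, keys of 1024 bits or less, failed or overdue rotation, expiry, duplicated SSH keys) can be cross-checked independently against an exported key and certificate inventory. The following is an added example, not PAM360 code: the record schema, the names and the 30-day expiry warning window are assumptions, and the sample inventory is constructed.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

WEAK_KEY_BITS = 1024                 # "1024 Bit and Smaller Keys" row
MAX_KEY_AGE = timedelta(days=30)     # "Keys Not Rotated in Last 30 Days" row
EXPIRY_WARNING = timedelta(days=30)  # assumption: warning window, not from the page

def audit_inventory(records, now):
    """Map record name -> sorted findings named after the dashboard categories."""
    fp_counts = Counter(r["fingerprint"] for r in records if r["kind"] == "ssh")
    report = {}
    for r in records:
        found = set()
        # Size threshold applies to RSA/DSA only; EC and Ed25519 keys are short by design.
        if r["alg"] in ("rsa", "dsa") and r["bits"] <= WEAK_KEY_BITS:
            found.add("weak-key")
        if r["kind"] == "cert":
            # Algorithm names vary: "sha1WithRSAEncryption", "ecdsa-with-SHA1", "SHA-1".
            if "sha1" in r["sig_alg"].lower().replace("-", ""):
                found.add("sha1-signature")
            if r["not_after"] - now <= EXPIRY_WARNING:
                found.add("cert-expired" if r["not_after"] <= now else "cert-expiring")
        else:
            if not r["rotation_ok"]:
                found.add("last-rotation-failed")
            # Age runs from the last successful rotation, or creation if never rotated.
            if now - (r["last_rotated"] or r["created"]) > MAX_KEY_AGE:
                found.add("not-rotated-30d")
            if fp_counts[r["fingerprint"]] > 1:
                found.add("duplicate-key")
        if found:
            report[r["name"]] = sorted(found)
    return report

# Constructed inventory: hypothetical schema and names, not a PAM360 export.
NOW, DAY = datetime(2025, 1, 15, tzinfo=timezone.utc), timedelta(days=1)
SAMPLE = [
    dict(name="web01-tls", kind="cert", alg="rsa", bits=2048,
         sig_alg="sha1WithRSAEncryption", not_after=NOW + 10 * DAY),
    dict(name="legacy-tls", kind="cert", alg="rsa", bits=1024,
         sig_alg="sha256WithRSAEncryption", not_after=NOW - DAY),
    dict(name="deploy-key", kind="ssh", alg="rsa", bits=4096, fingerprint="fp-A",
         created=NOW - 400 * DAY, last_rotated=NOW - 45 * DAY, rotation_ok=False),
    dict(name="backup-key", kind="ssh", alg="rsa", bits=4096, fingerprint="fp-A",
         created=NOW - 5 * DAY, last_rotated=None, rotation_ok=True),
    dict(name="ops-key", kind="ssh", alg="ed25519", bits=256, fingerprint="fp-B",
         created=NOW - 90 * DAY, last_rotated=NOW - 3 * DAY, rotation_ok=True),
]
print(audit_inventory(SAMPLE, NOW))
```

Records with no findings, such as the 256-bit Ed25519 key, are left out of the report, so an empty result means the inventory passes every check.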
7.3 Reports
PAM360 offers a wide range of reporting features that help organizations maintain visibility, enforce compliance, and audit privileged access across users and systems. These reports are organized into several categories to suit operational, compliance, and executive needs.
Password Reports focus on the health and management of credentials. They allow administrators to review the full inventory of accounts, check if passwords comply with established policies, monitor password expiry, and track how passwords are being used within the organization. Additional reports help identify passwords that are unshared, not grouped under any resource, or out of sync with their corresponding systems. There are also insights into how password access control workflows are being used and whether any resources have been disabled.

User Reports provide visibility into user behavior and access patterns. You can quickly see which users have access to which resources, monitor individual user activity involving password operations, and detect users who are not assigned to any group—useful for tightening access controls and maintaining accountability.

Custom Reports give you detailed audit trails on specific actions, such as passwords accessed by users, approved or denied password requests, failed access attempts, password modifications, and even unauthorized application elevation events. These reports are ideal for forensic analysis and internal audits.

General Reports, like the Executive Report, offer a high-level summary of all password activities, access events, and policy compliance indicators—perfect for management or compliance officers who need a quick snapshot of the environment.

PAM360 provides a dedicated Compliance Reports section designed to help organizations demonstrate alignment with industry-specific security and privacy standards. These reports map PAM360’s features and controls to the corresponding clauses and requirements in major regulatory frameworks.
Available Compliance Reports:
- PCI DSS Compliance Report
  - Identifies violations in password management practices related to the Payment Card Industry Data Security Standard (DSS).
  - Ideal for organizations handling cardholder data and needing to show adherence to PCI guidelines.
- ISO/IEC 27001 Compliance Report
  - Maps PAM360's features to the ISO/IEC 27001 standard, particularly around access control (e.g., Clause A.9).
  - Helps security and compliance teams track conformance with information security management system (ISMS) controls.
- NERC-CIP Compliance Report
  - Assists with meeting North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC-CIP) requirements.
  - Covers specific clauses like CIP-004-3a, CIP-005-3a, and CIP-007-3a that deal with identity, access, and system security.
- GDPR Compliance Report
  - Focuses on provisions in the General Data Protection Regulation (GDPR).
  - Shows how PAM360 supports data subject rights and secures personal data, aiding in privacy assurance for European users.

7.4 How to Generate a Compliance Report (e.g., ISO/IEC 27001)
PAM360 makes it simple to generate compliance reports through a guided process:
- Navigate to the 'Compliance Reports' section in the left-side menu.
- Choose a desired framework, such as ISO/IEC 27001.
- Click Generate Report.
- A pop-up window will appear, allowing you to select:
  - All Controls or specific sub-controls (e.g., Control 9.1 to 9.4).
- Configure a Schedule if you want the report to be generated periodically.
- Click Generate Report or Schedule Report as needed.

Here is an example of a generated report:
ISO27001Requirement-May_8_9_04_31.pdf
All reports in PAM360 can be generated manually, customized to fit specific audit criteria, and scheduled for regular delivery—ensuring continuous monitoring and streamlined reporting for both operational teams and executives.