Drivers could write changes as their security equivalent - used for auditing

Idea ID 2834211

Issue: When an IdM driver makes a change to an object (attributes, for example), the change is recorded as made by the IdM engine server.

In instances where changes can originate from a number of sources, tracking where the change originates is impossible. Even with auditing on an attribute level and a SIEM system, the result is just "something" originating on this server made those changes.

Would it not be splendid, if the changes were actually performed as the entity which the driver is security equal to?

What would we gain with this?

Traceability (which driver runs amok?)

Compliance (and this is far more important). Who or at least WHAT made the change?

 

 

4 Comments
Micro Focus Expert

Did you enable auditing for your drivers: https://www.netiq.com/documentation/identity-manager-48/configure_auditing/data/identity-manager-engine-events.html ?

Specifically:

003002A: Add Value - Modify Entry. Occurs when a value is added during the modification of an object.

003002B: Remove Value. Occurs when a modify operation contains a remove-value element.

003002F: Add Value - Add Entry. Occurs when a value is added during the creation of an object.

Ensign

Note: on the engine control values, you have a setting "Set creatorsName on objects created in the Identity Vault". The description of this might explain why the modifier is not the driver: performance.

Captain

Klasen.... I do believe that I did.

Cannot be sure though, I enabled auditing and the issue is that it says "the server did it".

Is there an option to specifically add auditing for drivers?

I think I just enabled it on edir as a whole (and identity apps).
