Activity and reporting
Reporting is available to track account and user activity. Report administrators and users can view and track information about the following:
- Account creations and deletions
- Credential check-ins and check-outs
- Personal credential used
- Password rotations and changes
Run Vault reports
- From the /login interface, go to Reports > Vault. The following report parameters are available for selection:
- Date Range: View all events within a specific date range.
- Account: View all events associated with a specific account.
- Performed By: View all events involving a specific user, API account, or the system.
- Make your selections, and then click Show Report. The report provides the following information:
- Timestamp: The date and time the event occurred.
- Account: The account name used with the event.
- Event Type: The type of event which occurred, such as a credentials checked in or checked out, or password rotated.
- Performed By: The user who triggered the event.
- Data: Relevant system information message, for example if a password rotation failed, the error message is indicated.
- Endpoint: The system where the event the event occurred.
- Data Service: This column appears in the reporting results only when the Include Windows services events option is enabled. Any errors that occur with service account rotation events are shown in this column.
Note
- Events are logged in order to generate reports, and these logs are saved for 90 days.
- Non-administrative users may experience a more limited /login user experience, depending on the access granted to them by their administrator. For example, a Vault user with limited permissions may potentially see only the Accounts, Vault, and Reports > Vault tabs.
- If a user has been anonymized in an effort to follow compliance standards, the Vault Account Activity report may display pseudonyms for user data or may indicate information has been deleted.
Updated 5 days ago