Skip to main content
Version: 3.23

Introduction

senhasegura enables automated control of privileged credentials access monitoring that results in reports that can be evidenced for an audit process.

The Reports can be found in a central repository on the menu, granting an easy source of evidence to periodic audits. The reports give complete information about "who, when, where, why, ..." executed the actions through the senhasegura .

All those logs and reports give the company a high level of security governance, including:

  • Privileged activity logging of all actions performed by administrators and regular users with a complete audit trail of who performed each action;

  • Centralized privileged activity auditing and reporting with reports and dashboards;

  • Privileged session reports with search across all text typed and displayed during a session and a video;

  • A forensic search of actions and events identified during a session;

Definitions

senhasegura uses a specific terminology for its functions and functionalities. Thus, some terms must be understood before starting to use the solution:

  • Access groups: used to grant and manage viewing and access to vault credentials;

  • Auditor: User with a profile for the issuance of specific reports in the senhasegura solution;

  • Equipment parameters: behavior settings that can be adjusted in the solution for each type of equipment;

  • Global parameters: behavior settings that can be adjusted globally in senhasegura ;

  • Governance ID: it is used to associate an activity performed in senhasegura to a Changes Management item, such as a Help Desk ticket, for instance;

  • Password custody: possession and use of credentials stored in the senhasegura solution by the user;

  • Protected information: any type of privileged information, such as hashes, RSA keys or digital certificates;

  • Password parameters: Behavior settings that can be adjusted in the solution for each credential;

  • Password policy: set of rules determined to improve the security of a company's users and devices;

  • Password strength: a measure that assesses a password's effectiveness against attacks, and it is based on estimating the number of attempts to guess it;

  • PCI: PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection;

  • User: In-house employees, interns or third parties who use or may require access to the company's systems;

The reports

This section aims to present the reports that senhasegura provides and how to use them.

This manual is divided in the following parts:

  • PCI Reports: information required by PCI standards to identify possible areas of non-compliance;

  • Traceability: information on all changes made to data registered;

  • Accesses to the system: information on user accesses;

  • Events: information on various events related to credentials;

  • Credentials: information on the use of the credentials stored on the vault;

  • Access Control: information on actions perform by the users and access groups;

  • Permissions: information on the permissions related to the screens, roles, profiles and permissions;