RSA IGL Recipes: Report - AD Days Since Last Logon

Document created by Jamie Pryer Employee on Dec 7, 2020
Version 1Show Document
  • View in full screen mode

RSA IGL Version: V 7.2.x

Modules: Governance

Product Area: Tabular Reports  (Applied to Active Directory Summary Dashboard)

Associated Dashboard & Chart:

Time to apply: ~20 minutes

 

Summary

This report provides information about the last logon date for all AD accounts. 

The goal of this report is to understand which AD accounts might be a risk

The report can be used by Admin/AD Teams to be understand which AD accounts could be removed potentially. 

This report requires the key word: "addashboard" to be added within the description of the AD Account Collector. 
This key word can be added to more than one Account Collector if required.

 

Other useful links

 

Example Image (Click to enlarge)

 

Key Notes

  • This chart/report/dashboard is supplied "as is" - any modification of this item is done at your own risk. 
  • If you have issues applying this chart/report/dashboard, please comment below for help, DO NOT contact the RSA Support team.
  • If you would like more assistance with this chart/report/dashboard or for help in creating other chart/report/dashboards, then RSA Professional Services (RSA PS) is available to help.
    • Please contact your RSA Account Manager or local RSA Sales Rep or reply below for further assistance.

 

Details

This report includes information about AD Accounts and is sorted by the "oldest" logon date. 

 

Report SQL

First test this in your query tool (SQLDeveloper, Toad etc..)

 

(select * from (select
     accountName as "Account Name",
     RealLastLogon as "Last Logon Date",
     DaysSinceLogin as "Days Since Last Logon"
from (
    select distinct pA.NAME as accountName, pA.LAST_LOGIN_DATE as RealLastLogon, TRUNC(SYSDATE) - trunc(pA.LAST_LOGIN_DATE) as DaysSinceLogin
    from avuser.PV_ACCOUNT pA, avuser.V_BUSINESS_SOURCE vBS, avuser.V_DATA_COLLECTORS vDC
    where pA.IS_DISABLED = 0
    and pA.ADC_ID = vDC.ID and lower(vDC.Description) like '%addashboard%'
    and pA.LAST_LOGIN_DATE is not null
    )
order by "Days Since Last Logon" desc)
where "Days Since Last Logon" > 30)

 

Example of the results:

 

Report Implementation

  1. Log into RSA IGL as a user who can create reports. In my example, im using AveksaAdmin
  2. Go to "Reports" / "Tabular"
  3. Select "+ Create Report" button
  4. Under the "General Tab" add the following details:
    • Name: AD Days Since Last Logon
    • Title: AD Days Since Last Logon
    • Description: From RSA IGL Link Community. This report provides information about AD Accounts and their Last Logon details. Note: This chart requires the key word: "addashboard" to be added within the description of the Account Collector.
    • Scope: System
    • Page Size: Letter
    • Orientation: Landscape


  5. Under the "Query" Tab, copy the SQL from above
  6. In the bottom bar, press the "Style" button. "Slate" is a good recommendation for reports
  7. Press the "Preview" button, you should see some results, as per the example image below.
    If you get an error at this stage, please test your SQL in a Query tool, like "SQL Developer" or "SQL Squirrel" to ensure it works first. 
    If it still doesn't work, please share your SQL and a screen shot of the issue below. DO NOT contact RSA Support 
  8. Under the "Columns" Tab, please use the configuration shown in the image below


  9. Under the "Display Attributes" tab, please use the configuration shown in the image below

  10. Nothing has been set on the "Filter", "Grouping & Sorting" or "Schedule and Email" tabs

 

Next Steps

  • Please "hit reply" and share your feedback - we would love to see an image of this working in your environment!
  • Check out the other content found on the RSA IGL Recipes page: RSA Identity Governance & Lifecycle Recipes 

     

    Thank you! 

 

Dont forget:

 

Please login, then "Like"  and "Actions/Follow" this page (Top Right), so as to receive updates and be notified if we modify/change items found here, in future.

 

 

Attachments

    Outcomes