000031211 - How to run a Report showing Failed Authentication Attempts in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jul 28, 2020
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000031211
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle 
RSA Version/Condition: 6.9.1, 7.x
IssueHow can failed authentication attempts be viewed in RSA Identity Governance & Lifecycle?
ResolutionStarting in RSA Identity Governance & Lifecycle 6.9.1, Audit Logging was added as a new feature to the RSA Identity Governance & Lifecycle application. Events that are audited are defined under Admin > System > Audit tab > Audit Log Event Configuration. All events are enabled by default.

To view failed authentication attempts and other audit events, there is an Out-of-the-box (OOTB) Tabular Report that reports audit events for the last 30 days. In the user interface go to Reports > Tabular > Audit Events for the Past 30 Days > Run Report button. Once the report results are available, peruse the results for the LOGIN audit event. The LOGIN audit event audits login-related changes including failed authentication attempts. 

Below is a sample of report output with successful and failed login attempts. If you export the report results (bottom right corner) to a CSV file, you can then sort the report on any of the table columns. In this case you could sort on Event Name to see all the LoginFailureAttempt events grouped together.

User-added image