How to run a Report showing Failed Authentication Attempts in RSA Identity Governance & Lifecycle
4 years ago
Originally Published: 2015-09-10
Article Number
000062099
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle 
RSA Version/Condition: 6.9.1, 7.x
 
Issue
How can failed authentication attempts be viewed in RSA Identity Governance & Lifecycle?
 
Resolution
Starting in RSA Identity Governance & Lifecycle 6.9.1, Audit Logging was added as a new feature to the RSA Identity Governance & Lifecycle application. Events that are audited are defined under Admin > System > Audit tab > Audit Log Event Configuration. All events are enabled by default.

To view failed authentication attempts and other audit events, ​​there is an Out-of-the-box (OOTB) Tabular Report that reports audit events for the last 30 days. In the user interface go to Reports > Tabular > Audit Events for the Past 30 Days > Run Report button. Once the report results are available, peruse the results for the LOGIN audit event. The LOGIN audit event audits login-related changes including failed authentication attempts. 

Below is a sample of report output with successful and failed login attempts. If you export the report results (bottom right corner) to a CSV file, you can then sort the report on any of the table columns. In this case you could sort on Event Name to see all the LoginFailureAttempt events grouped together.

User-added image

 

Related Articles

Trending Articles

Don't see what you're looking for?