Hopefully I am asking this question in the correct place. Using RSA Security Console. I am looking to make a custom report that shows user failed sign on, but I need it to exclude blank user names, SYSTEM, etc. Basically I only want failed logins for our actual non-admin users. I am guessing that "output columns" would be the place to config this, however none of the options will get the job done. Is there a way to add or edit output columns? If not, how can I go about doing this?
- Community Thread
- Forum Thread
- RSA SecurID
- RSA SecurID Access
In the Security Console, navigate to Reporting > Report > Add New. Then select the Authentication Activity Report and click Next.
In there, you can customize the following options to achieve what you want:
- Display Successful Actions: When Yes, shows successful actions. When No, does not show successful actions
Display Failed Actions: When Yes, shows failed actions. When No, does not show failed actions
Display Warned Actions: When Yes, shows failed actions. When No, does not show failed actions
- Authentication Method:
Set this to SecurID_Native. That will only get events for users authenticating using a Token. Therefore, excluding SYSTEM and admins logging into Security Console using Password.
- Identity Source:
If your normal non-admin users are Active Directory (or any other External Identity Source) users, you can select the Identity User to run the report against excluding your Internal Database users.
Give the report a name and save the changes. You can then run these report to see if it collects the info that you're looking for or not.
The report templates are fixed, there is not a way to add or change the templates, only select what specific options are within any one template.. So, for reports, you typically need to run a report on a wider scope (include those blanks and system names) then if this output is cumbersome to manage in the Security Console... export as CSV and use a macro in Excel (just an example) to parse it down to your preferred targets.
Or, you can use SQL queries directly on the postgres database to mine information, however, there is not a way to use an existing report template here...so your query would need to be complete.