This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
CurtisCrouse1
New Contributor
New Contributor
‎2020-04-27 01:13 PM

Customizing Reports

Hello,

 

Hopefully I am asking this question in the correct place.  Using RSA Security Console.  I am looking to make a custom report that shows user failed sign on, but I need it to exclude blank user names, SYSTEM, etc.  Basically I only want failed logins for our actual non-admin users.  I am guessing that "output columns" would be the place to config this, however none of the options will get the job done.  Is there a way to add or edit output columns?  If not, how can I go about doing this?

 

Thanks!

0 Likes
Reply
4 Replies
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2020-04-27 02:29 PM

Curtis Crouse‌,

 

Welcome to RSA Link!

 

I've moved your question to the RSA SecurID Access" data-type="space space where it will be seen by the product's support engineers, other customers and partners.  Please bookmark this page and use it when you have product-specific questions.

 

Alternatively, from the RSA Customer Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question.  From there, scroll to RSA SecurID Access" data-type="space‌ and click Ask A Question.  That way your question will appear in the correct space.

 

Regards,

Erica

0 Likes
Reply
MohamedSaber
Employee
Employee
‎2020-04-27 03:01 PM

Curtis Crouse‌,

 

In the Security Console, navigate to Reporting > Report > Add New. Then select the Authentication Activity Report and click Next. 

 

In there, you can customize the following options to achieve what you want:

  • Display Successful Actions: When Yes, shows successful actions. When No, does not show successful actions
    Display Failed Actions: When Yes, shows failed actions. When No, does not show failed actions
    Display Warned Actions: When Yes, shows failed actions. When No, does not show failed actions 

  • Authentication Method:
    Set this to SecurID_Native. That will only get events for users authenticating using a Token. Therefore, excluding SYSTEM and admins logging into Security Console using Password. 

  • Identity Source:
    If your normal non-admin users are Active Directory (or any other External Identity Source) users, you can select the Identity User to run the report against excluding your Internal Database users. 

Give the report a name and save the changes. You can then run these report to see if it collects the info that you're looking for or not. 

 

0 Likes
Reply
EdwardDavis
Employee
Employee
‎2020-04-27 03:30 PM

Hello,

 

The report templates are fixed, there is not a way to add or change the templates, only select what specific options are within any one template.. So, for reports, you typically need to run a report on a wider scope (include those blanks and system names) then if this output is cumbersome to manage in the Security Console... export as CSV and use a macro in Excel (just an example) to parse it down to your preferred targets.

 

Or, you can use SQL queries directly on the postgres database to mine information, however, there is not a way to use an existing report template here...so your query would need to be complete. 

Reply
CurtisCrouse1
New Contributor
New Contributor
In response to EdwardDavis
‎2020-04-27 04:11 PM

thank you

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.