Article Number
000031211
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.9.1, 7.x
Issue
How can failed authentication attempts be viewed in RSA Identity Governance & Lifecycle?
Resolution
Starting in RSA Identity Governance & Lifecycle 6.9.1, Audit Logging was added as a new feature to the RSA Identity Governance & Lifecycle application. Events that are audited are defined under Admin > System > Audit tab > Audit Log Event Configuration. All events are enabled by default.
To view failed authentication attempts and other audit events, use the out-of-the-box (OOTB) Tabular Report that lists audit events for the last 30 days. In the user interface, go to Reports > Tabular > Audit Events for the Past 30 Days and click the Run Report button. Once the report results are available, look through them for the LOGIN audit event. The LOGIN audit event audits login-related changes, including failed authentication attempts.
Below is a sample of report output with successful and failed login attempts. If you export the report results (bottom right corner) to a CSV file, you can then sort the report on any of the table columns. In this case, you could sort on Event Name to see all the LoginFailureAttempt events grouped together.
[Image: sample report output showing successful and failed login attempts]
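One way to triage the exported CSV beyond sorting on Event Name is to flag accounts with several LoginFailureAttempt events close together. This is an added example, not RSA-supplied code; only the Event Name column and the LoginFailureAttempt value come from the article, while the User and Event Date column names, the LoginSuccess value, the timestamp format and the sample rows are assumptions to adjust to your export's header row.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an exported report. Column names other than
# "Event Name", and the timestamp format, are assumptions for illustration.
SAMPLE_CSV = """Event Name,User,Event Date
LoginSuccess,asmith,2024-03-01 08:00:12
LoginFailureAttempt,jdoe,2024-03-01 09:15:00
LoginFailureAttempt,jdoe,2024-03-01 09:15:20
LoginFailureAttempt,jdoe,2024-03-01 09:16:05
LoginFailureAttempt,asmith,2024-03-02 10:00:00
LoginFailureAttempt,jdoe,2024-03-09 11:00:00
LoginFailureAttempt,asmith,2024-03-05 14:30:00
"""

def failure_bursts(csv_file, threshold=3, window=timedelta(minutes=5),
                   event_col="Event Name", user_col="User",
                   time_col="Event Date", time_fmt="%Y-%m-%d %H:%M:%S"):
    """Return {user: (count, first_timestamp)} for each user's largest run of
    failed logins that reaches `threshold` within a sliding `window`."""
    failures = defaultdict(list)
    for row in csv.DictReader(csv_file):
        if row[event_col].strip() == "LoginFailureAttempt":
            failures[row[user_col].strip()].append(
                datetime.strptime(row[time_col].strip(), time_fmt))
    bursts = {}
    for user, stamps in failures.items():
        stamps.sort()  # the export is not assumed to be in time order
        start = 0
        for end in range(len(stamps)):
            # Shrink the window from the left until it spans <= `window`.
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > bursts.get(user, (0, None))[0]:
                bursts[user] = (count, stamps[start])
    return bursts

if __name__ == "__main__":
    for user, (count, first) in failure_bursts(io.StringIO(SAMPLE_CSV)).items():
        print(f"{user}: {count} failed logins within 5 minutes from {first}")
```

To run it against a real export, pass an open file handle, for example `failure_bursts(open("audit_events.csv", newline=""))`, where the file name is a placeholder.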