RSA IGL Version: V 7.2.x
Product Area: Charts, Single Series (Applied to Active Directory Summary Dashboard)
Associated Dashboard & Report:
Time to apply: ~20 minutes
This chart provides key information about AD last logons.
The goal of this chart is to understand any risk associated with AD accounts that have not been used for a long time.
The chart can be used by Admin/AD Teams to get better visibility into the risk of accounts that have not logged on.
This chart requires the key word: "addashboard" to be added within the description of the AD Account Collector.
This key word can be added to more than one Account Collector if required.
- This chart/report/dashboard is supplied "as is" - any modification of this item is done at your own risk.
- This chart assumes that you are collecting the "lastLogonTimestamp" in the AD Account Collector
- If you have issues applying this chart/report/dashboard, please comment below for help, DO NOT contact the RSA Support team.
- If you would like more assistance with this chart/report/dashboard or for help in creating other chart/report/dashboards, then RSA Professional Services (RSA PS) is available to help.
- Please contact your RSA Account Manager or local RSA Sales Rep or reply below for further assistance.
This chart looks at the last logon timestamp for all AD accounts and then groups this information together, based on the following:
- Never (e.g. no login timestamp has been recorded within AD)
- 0-29 days
- 30-89 days
- 90-364 days
- 365+ days
The values are shown as percentages; if you move the pointer over the pie chart, it also shows the exact value.
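The grouping boundaries listed above can be checked in a query tool before the chart is built. The following Oracle SQL is an added example, not part of the original post: it applies the same CASE grouping to constructed dates and reads no IGL tables. The account names and the `sample_accounts` and `aged` names are made up for the test.

```sql
-- Constructed test rows: one account per boundary day, plus one with no logon date.
with sample_accounts as (
  select 'never_logged_on' as account_name,
         cast(null as date) as last_login_date from dual union all
  select 'day_0',    trunc(sysdate)        from dual union all
  select 'day_29',   trunc(sysdate) - 29   from dual union all
  select 'day_30',   trunc(sysdate) - 30   from dual union all
  select 'day_89',   trunc(sysdate) - 89   from dual union all
  select 'day_90',   trunc(sysdate) - 90   from dual union all
  select 'day_364',  trunc(sysdate) - 364  from dual union all
  select 'day_365',  trunc(sysdate) - 365  from dual union all
  select 'day_1000', trunc(sysdate) - 1000 from dual
),
aged as (
  -- Same day arithmetic as the chart query; a NULL date gives a NULL age.
  select account_name,
         trunc(sysdate) - trunc(last_login_date) as DaysSinceLogin
  from sample_accounts
)
select account_name,
       DaysSinceLogin,
       case
         -- The NULL test comes first: NULL fails every comparison below it.
         when DaysSinceLogin is null then 'Never'
         when DaysSinceLogin < 30 then ' 0-30 Days'
         when DaysSinceLogin >= 30 and DaysSinceLogin < 90 then ' 30-90 Days'
         when DaysSinceLogin >= 90 and DaysSinceLogin < 365 then ' 90-365 Days'
         when DaysSinceLogin >= 365 then '365 > Days'
       end as DayGrouping
from aged
order by DaysSinceLogin nulls first;
```

Each boundary pair (29/30, 89/90, 364/365) should land in adjacent groups, and the account with no date should land in 'Never'.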
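First test the chart query in your query tool (SQL Developer, Toad, etc.):

```sql
-- Count enabled accounts per "days since last logon" group,
-- limited to collectors whose description contains 'addashboard'.
select DayGrouping, count(*) as AccountCount  -- column alias is an assumption
from (
  select case
    when DaysSinceLogin is null then 'Never'  -- no last logon recorded
    when DaysSinceLogin < 30 then ' 0-30 Days'
    when DaysSinceLogin >= 30 and DaysSinceLogin < 90 then ' 30-90 Days'
    when DaysSinceLogin >= 90 and DaysSinceLogin < 365 then ' 90-365 Days'
    when DaysSinceLogin >= 365 then '365 > Days'
  end as DayGrouping
  from (
    select TRUNC(SYSDATE) - trunc(pA.LAST_LOGIN_DATE) as DaysSinceLogin
    from avuser.PV_ACCOUNT pA, avuser.V_DATA_COLLECTORS vDC
    where pA.IS_DISABLED = 0
    and pA.ADC_ID = vDC.ID
    and LOWER(vDC.DESCRIPTION) LIKE '%addashboard%')
)
group by DayGrouping
```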
Example of the results:
- Log in to RSA IGL as a user who can create charts. In my example, I'm using AveksaAdmin.
- Go to "Reports" / "Charts"
- Select "+ Create Chart" button
- Under the "General Tab" add the following details:
- Name: AD Days Since Last Logon
From RSA IGL Link Community. This chart displays a summary of the account "days since last logon" for all accounts within Active Directory.
Note: This chart requires the key word: "addashboard" to be added within the description of the Account Collector.
- Type = Single Series Chart
- Under the "Query" Tab, copy the SQL from above.
- Press the "Preview" button. You should see some results, as per the example image below.
If you get an error at this stage, please test your SQL in a Query tool, like "SQL Developer" or "SQL Squirrel" to ensure it works first.
If it still doesn't work, please share your SQL and a screenshot of the issue below. DO NOT contact RSA Support.
- Under the "Columns" Tab, please use the configuration shown in the image below
- Under the "Display Attributes" tab, select "PIE 2D". Please also apply the settings below; you can change the wording to whatever suits you best.
- Under "Title and Axis Names"
- Caption: AD - Days Since Last Logon
- Sub Caption: NOTE: Run Tabular Report 'AD Days Since Last Logon' for full list of accounts with a last logon date greater than 30 days.
- Under "Functional attributes"
- Save the new chart