This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SecurID® Governance & Lifecycle Recipes

SecurID Governance & Lifecycle recipes is a collection of items, to help you get the most out of your product deployment. For example, a useful report with the SQL to implement or a way to achieve some advanced rule processing.

RSA IGL Recipes: Report - AD Group Summary

RSA IGL Version: V 7.2.x

Modules: Governance

Product Area: Tabular Reports  (Applied to Active Directory Summary Dashboard)

Associated Dashboard & Chart:

Time to apply: ~20 minutes

Summary

This report provides information about key AD groups. 

The goal of this report is to understand AD groups which might need an action taken.

The report can be used by Admin/AD Teams to be understand the risk AD groups.

This report requires the key word: "addashboard" to be added within the description of the AD Account Collector. 
This key word can be added to more than one Account Collector if required.
pastedImage_6.png

Other useful links

 

Example Image (Click to enlarge)

pastedImage_2.png

 

Key Notes

  • This chart/report/dashboard is supplied "as is" - any modification of this item is done at your own risk. 
  • If you have issues applying this chart/report/dashboard, please comment below for help, DO NOT contact the RSA Support team.
  • If you would like more assistance with this chart/report/dashboard or for help in creating other chart/report/dashboards, then RSA Professional Services (RSA PS) is available to help.
    • Please contact your RSA Account Manager or local RSA Sales Rep or reply below for further assistance.

 

Details

This report includes information about AD groups, which may need investigation:

  • Never Reviewed Groups
  • Empty Groups
  • Groups without Owners

 

Report SQL

First test this in your query tool (SQLDeveloper, Toad etc..)

(select * from(
select
					'Never Reviewed Groups' as Status,
					vag.name as "Group Name",
                    vag.cas3 as "Unique Name"
				from Avuser.V_ALL_GROUPS vAG
                left join avuser.V_DATA_COLLECTORS vDC
                on vAG.ADC_ID = vDC.ID
				where LAST_REVIEWED_DATE is null
                and DELETION_DATE is null
                and lower(vDC.DESCRIPTION) like '%addashboard%'
				union all
				select distinct
					'Empty Groups' as Status,
					vAG.name as "Group Name",
                    vag.cas3 as "Unique Name"
				from Avuser.V_ALL_GROUPS vAG
				left join
					(select distinct
						GROUP_ID
					from avuser.V_GRP_MEMBERSHIPS vGM
					) vGM
					on vGM.GROUP_ID = vAG.id
                   left join avuser.V_DATA_COLLECTORS vDC
                on vAG.ADC_ID = vDC.ID
				where vGM.group_id is null
					and vAG.DELETION_DATE is null
                    and lower(vDC.DESCRIPTION) like '%addashboard%'
				union all
				select
					'Groups Without Owner' as Status,
					vAG.name as "Group Name",
                    vag.cas3 as "Unique Name"
				from Avuser.V_ALL_GROUPS vAG
                left join avuser.V_DATA_COLLECTORS vDC
                on vAG.ADC_ID = vDC.ID
				where OWNER_ID is null
					and DELETION_DATE is null
                    and lower(vDC.DESCRIPTION) like '%addashboard%')
				group  by Status, "Group Name", "Unique Name"
                order by Status asc)‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

 

Example of the results:

pastedImage_2.png

 

Report Implementation

  1. Log into RSA IGL as a user who can create reports. In my example, im using AveksaAdmin
  2. Go to "Reports" / "Tabular"
  3. Select "+ Create Report" button
    pastedImage_5.png
  4. Under the "General Tab" add the following details:
    • Name: AD Group Summary
    • Title: AD Group Summary
    • Description: From RSA IGL Link Community. This report provides information about key AD Groups. Note: This chart requires the key word: "addashboard" to be added within the description of the Account Collector.
    • Scope: System
    • Page Size: Letter
    • Orientation: Landscape
      pastedImage_4.png

  5. Under the "Query" Tab, copy the SQL from above
  6. In the bottom bar, press the "Style" button. "Slate" is a good recommendation for reports
    pastedImage_14.png
  7. Press the "Preview" button, you should see some results, as per the example image below.
    If you get an error at this stage, please test your SQL in a Query tool, like "SQL Developer" or "SQL Squirrel" to ensure it works first. 
    If it still doesn't work, please share your SQL and a screen shot of the issue below. DO NOT contact RSA Support 
    pastedImage_6.png
  8. Under the "Columns" Tab, please use the configuration shown in the image below
    pastedImage_5.png

  9. Under the "Display Attributes" tab, please use the configuration shown in the image below
    pastedImage_7.png
  10. Nothing has been set on the "Filter", "Grouping & Sorting" or "Schedule and Email" tabs

 

Next Steps

  • Please "hit reply" and share your feedback - we would love to see an image of this working in your environment!
  • Check out the other content found on the RSA IGL Recipes page: RSA Identity Governance & Lifecycle Recipes 

    Thank you! 

 

Dont forget:
Please login, then "Like"  and "Actions/Follow" this page (Top Right), so as to receive updates and be notified if we modify/change items found here, in future.
pastedImage_4.png
Labels (1)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎2020-12-07 10:04 AM
Updated by:
Employee (Retired) Employee (Retired)
Contributors

Related Content

Article Dashboard
© 2023 RSA Security LLC or its affiliates. All rights reserved.