Iraje PAM Alerts manual version 7.5

Introduction

Iraje PAM provides Alerts, which notify the Super and Group admins and highlight users who try to perform a specific activity on the devices or access the server outside PAM.

The functionality gives the super admins transparency in identifying unauthorized access by users, ensuring secure, authorized and controlled access to target systems. The solution minimizes the risk surface by providing the deepest levels of granular control over data controllers and data processors.

Purpose

The purpose of Alerts is to have preventive measures in PAM and to identify the cause of an incident. Admin Options are the most critical settings for Iraje PAM. Every feature in the Iraje PAM Solution is enabled or disabled from here.

Authentication Mode, 2Factor Authentication, Connection Access method, Warn Password Expiry, Enable Backup User, Allow Password and Connection Request, Setting Password Expiry days, Setting ACP scheduling period, Configuring Email and SMS gateways for alerts, Version path, Defining PAM server, Number Validation Enforced, Access level, Auto Log Cleanup period and various other tabs are configured here.

Critical Module access is available only to Admins and is enabled by Val codes provided by Iraje PAM Solutions on request. The settings are applicable or saved only when approved by maker-checker admins.

Target Audience

Super Admins | Information Security Team

Operating Procedure for Alerts

  • Step 1: Enter the Username and Password, select the Domain and Authentication method, and click on Sign-In

  • Step 2: Click on 'Access Control Manager'

  • Step 3: Click on 'Directory Access'

  • Step 4: Select 'ADMIN' for 'Group'

  • Step 5: Go to 'Admin Options'

  • Step 6: Enable the alert checkbox and, as per client requirement, enable SMS and email alerts

  • Step 7: A window will pop up, displaying the different types of alerts

List of Critical Security Alerts in Iraje PAM

  • Connection Access:

    Devices marked as sensitive can be alerted when they are accessed through Iraje PAM

  • Maker Checker:

    All Maker Checker activities can be alerted when done through Iraje PAM

  • Work Flow:

    All work flow approvals can be alerted when done through Iraje PAM

  • Restricted CMD:

    Commands that are restricted in Iraje PAM can be alerted when they are executed on the devices

  • Show Password:

    The opening of passwords through Iraje PAM can be alerted

  • ACP/Change Password:

    Whenever a password is changed from Iraje PAM, or Auto Change Password is triggered from Iraje PAM, it can be alerted

  • EMS (Element Management System):

    The critical elements of CPU, Storage and Memory can be alerted when the set thresholds are crossed

  • PIM Login by Outside Agent:

    Unauthorized access to target devices bypassing Iraje PAM can be alerted.

  • Agent Tampered:

    If the agent is tampered with, an alert will go to the super admins.

  • Admin Options:

    Any setting changes in the admin options can be alerted.

  • Access Control:

    If Access Control Manager is tampered with, this alert is sent.

  • Replication Alert:

    Whenever a replication service fails, an alert goes out to the super admin.

Sample Iraje PAM Alerts

  • Bypass Alerts (PIM Login by Outside Agent)

  • EMS Alerts

  • Work Flow Alerts

  • Maker Checker