Compliance Auditor; Controlling Access To The Compliance Auditor; Chapter 7, "Compliance Auditor - Novell PRIVILEGED USER MANAGER 2.2.1 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

Compliance Auditor

7
The Compliance Auditor collects, filters, and generates reports of audit data for analysis and sign-
off by authorized personnel. The Compliance Auditor can be used in conjunction with Command
Control to enable auditors to view security transactions and play back recordings of user activity.
Auditors can record notes against each record, creating permanent archives of activity.
Rules can be configured to pull any number of audit events matching a given filter into the
Compliance Auditor at specific intervals. Examples of filters include username, host, and command
for Command Control. Roles can be assigned to each rule to ensure that an auditor is able to view
only extracted records with a matching role defined in his or her user account. In addition, Access
Control Levels (ACLs) can be defined to restrict access to individual events, and to prevent users
from auditing their own activity.
When an audit event is viewed, auditors can authorize the event, or mark it as unauthorized, escalate
it, and assign it to someone else. Each change is recorded in an indelible audit trail within each
record, along with any notes made by the auditor. Automatic reports can be generated and e-mailed
to the appropriate personnel, and can be used, for example, for daily reporting to managers on audit
activity awaiting sign-off, or hourly reporting triggered by an escalation value to notify senior
management of activity.
To use the Compliance Auditor:
Define roles in user groups to control user access to the Compliance Auditor. See
"Controlling Access to the Compliance Auditor," on page
Create one or more rules to pull the required events into the Compliance Auditor. See
Section 7.2.1, "Adding or Modifying an Audit Rule," on page
Define ACLs for individual users. See
View event records and authorize them, or mark them as unauthorized and define further
action. See Section 7.4, "Compliance Auditor Records," on page
Configure auditing reports to be automatically e-mailed to the appropriate personnel. See
Section 7.3.1, "Adding or Modifying an Audit Report," on page
Provide failover and load balancing by installing the Compliance Auditor on multiple hosts.
See Section 7.6, "Deploying the Compliance Auditor," on page
Export and import compliance auditing settings. See
Compliance Auditor Settings," on page
7.1 Controlling Access to the Compliance
Auditor
Roles can be used to restrict the Compliance Auditor options available to Framework users. For
example, you might want users to be able to audit events, but not administer rules, ACLs, or reports.
To define roles for a user group to control use of the Compliance Auditor:
1 Click Framework User Manager on the home page of the console.
123.
124.
Section 7.5, "Access Control Levels," on page
Section 10.7.1, "Exporting and Importing
152.
Section 7.1,
136.
131.
126.
137.
Compliance Auditor
7
123