Security Information Management
User Password Monitoring Events
AccelOps generates the following events related to user password monitoring during LDAP discoveries.
LDAP Password Never Expire Events
LDAP Password Not Required Events
LDAP Password Expiry Event
LDAP Password Stale Events
Name | Id | Type | Description |
Event Type | eventType | string | Event type set to PH_DEV_DISCOV_ADS_PASSWORD_NEVER_EXPIRES |
Event Severity | eventSeverity | uint16 | Set to 1. In general, a number between 0 (lowest severity) and 10 (highest severity) |
Event Severity Category | eventSeverityCat | string | Set to Low. In general, takes the values Low, Medium and High. Event severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High |
Event Receive Time | phRecvTime | Date | Time at which AccelOps generated this event |
Reporting IP | reptDevIpAddr | Date | AccelOps Super IP |
Relaying IP | relayDevIpAddr | Date | AccelOps Super IP |
Raw Event Log | rawEventMsg | string | Raw event containing all attributes in comma-separated “[Attribute] = value” format |
Host name | hostName | string | Active Directory Server Host Name |
Host IP Address | hostIpAddr | IP | Active Directory Server IP |
User | user | string | User logon name |
User Full Name | userFullName | string | User full display name |
User Distinguishing Name | userDN | string | User Distinguishing name |
Password Age | passwordAge | uint64 | Password age in days |
Password Last Set | passwordLastSet | Date | Time when password was last set |
LDAP Password Not Required Events
Event Type: PH_DISCOV_ADS_PASSWORD_NOT_REQD
Description: Event contains users whose password is not required
Source: Windows Active Directory Discovery via LDAP
Sample event
Key Attributes:
Name | Id | Type | Description |
Event Type | eventType | string | Event type set to PH_DEV_DISCOV_ADS_PASSWORD_NEVER_EXPIRES |
Event Severity | eventSeverity | uint16 | Set to 1. |
Event Severity Category | eventSeverityCat | string | Set to Low. In general, takes the values Low, Medium and High. Event severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High |
Event Receive Time | phRecvTime | Date | Time at which AccelOps generated this event |
Reporting IP | reptDevIpAddr | Date | AccelOps Super IP |
Relaying IP | relayDevIpAddr | Date | AccelOps Super IP |
Raw Event Log | rawEventMsg | string | Raw event containing all attributes in comma-separated “[Attribute] = value” format |
Host name | hostName | string | Active Directory Server Host Name |
Host IP Address | hostIpAddr | IP | Active Directory Server IP |
User | user | string | User logon name |
User Full Name | userFullName | string | User full display name |
User Distinguishing Name | userDN | string | User Distinguishing name |
LDAP Password Expiry Event
Event Type: PH_DISCOV_ADS_PASSWORD_TO_EXPIRE
Description: Event contains users and the times when their passwords were last set and when their passwords are about to expire
Source: Windows Active Directory Discovery via LDAP
Sample event
<174>Feb 12 12:09:29 PH-QA-AUTOTEST phDiscover[22677]: [PH_DISCOV_ADS_PASSWORD_TO_EXPIRE]:[eventSeverity]=PHL_INFO,[procName]=phDiscover,[fileName]=dirUser.cpp,[lineNumber]=1750,[hostIpAddr]=192.168.0.10,[user]=testuser,[userFullName]=Testuser,[userDN]=CN=Testuser,CN=Users,DC=acme,DC=net,[daysToPasswordExpiry]=0,[passwordLastSet]=1360606672,[phLogDetail]=
Key Attributes:
Name | Id | Type | Description |
Event Type | eventType | string | Event type set to PH_DISCOV_ADS_PASSWORD_TO_EXPIRE |
Event Severity | eventSeverity | uint16 | Set to 1. In general, a number between 0 (lowest severity) and 10 (highest severity) |
Event Severity Category | eventSeverityCat | string | Set to Low. In general, takes the values Low, Medium and High. Event severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High |
Event Receive Time | phRecvTime | Date | Time at which AccelOps generated this event |
Reporting IP | reptDevIpAddr | Date | AccelOps Super IP |
Relaying IP | relayDevIpAddr | Date | AccelOps Super IP |
Raw Event Log | rawEventMsg | string | Raw event containing all attributes in comma-separated “[Attribute] = value” format |
Host name | hostName | string | Active Directory Server Host Name |
Host IP Address | hostIpAddr | IP | Active Directory Server IP |
User | user | string | User logon name |
User Full Name | userFullName | string | User full display name |
User Distinguishing Name | userDN | string | User Distinguishing name |
Days to Password Expiry | daysToPasswordExpiry | uint64 | Number of days until the password will expire |
Password Last Set | passwordLastSet | Date | Time when password was last set |
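The following is an added example, not part of the AccelOps documentation: it parses the raw “[Attribute]=value” format of the sample event above, keeps the commas inside the userDN value intact, and lists accounts close to password expiry. The function names, the `within_days` cutoff and the reading of passwordLastSet as Unix epoch seconds are assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Sample event from this page, rejoined onto one line.
SAMPLE = (
    "<174>Feb 12 12:09:29 PH-QA-AUTOTEST phDiscover[22677]: "
    "[PH_DISCOV_ADS_PASSWORD_TO_EXPIRE]:[eventSeverity]=PHL_INFO,"
    "[procName]=phDiscover,[fileName]=dirUser.cpp,[lineNumber]=1750,"
    "[hostIpAddr]=192.168.0.10,[user]=testuser,[userFullName]=Testuser,"
    "[userDN]=CN=Testuser,CN=Users,DC=acme,DC=net,"
    "[daysToPasswordExpiry]=0,[passwordLastSet]=1360606672,[phLogDetail]="
)

EVENT = re.compile(r"\[(PH_\w+)\]:(.*)$")
# A value runs up to the next ",[name]=" or end of line, so the commas
# inside a distinguished name are kept instead of splitting the value.
ATTR = re.compile(r"\[(\w+)\]=(.*?)(?=,\[\w+\]=|$)")


def parse_event(line):
    """Return the event's attributes as a dict, or None if it is not an event."""
    m = EVENT.search(line.strip())
    if m is None:
        return None
    event = {"eventType": m.group(1)}
    event.update(ATTR.findall(m.group(2)))
    return event


def severity_category(severity):
    """Numeric severity to category, using the ranges given in the tables."""
    if not 0 <= severity <= 10:
        raise ValueError("severity must be between 0 and 10")
    return "Low" if severity <= 4 else "Medium" if severity <= 8 else "High"


def expiring(lines, within_days=7):
    """Accounts whose password expires within `within_days` (hypothetical cutoff)."""
    found = []
    for line in lines:
        ev = parse_event(line)
        if not ev or ev["eventType"] != "PH_DISCOV_ADS_PASSWORD_TO_EXPIRE":
            continue
        days = int(ev["daysToPasswordExpiry"])
        if days <= within_days:
            # Assumption: passwordLastSet is Unix epoch seconds (UTC).
            last_set = datetime.fromtimestamp(int(ev["passwordLastSet"]), tz=timezone.utc)
            found.append((ev["user"], ev["userDN"], days, last_set))
    return found
```

A naive split on commas would break the userDN value into four fragments; the lookahead in `ATTR` is what avoids that.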
Name | Id | Type | Description |
Event Type | eventType | string | Event type set to PH_DISCOV_ADS_PASSWORD_STALE |
Event Severity | eventSeverity | uint16 | Set to 1. In general, a number between 0 (lowest severity) and 10 (highest severity) |
Event Severity Category | eventSeverityCat | string | Set to Low. In general, takes the values Low, Medium and High. Event severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High |
Event Receive Time | phRecvTime | Date | Time at which AccelOps generated this event |
Reporting IP | reptDevIpAddr | Date | AccelOps Super IP |
Relaying IP | relayDevIpAddr | Date | AccelOps Super IP |
Raw Event Log | rawEventMsg | string | Raw event containing all attributes in comma-separated “[Attribute] = value” format |
Host name | hostName | string | Active Directory Server Host Name |
Host IP Address | hostIpAddr | IP | Active Directory Server IP |
User | user | string | User logon name |
User Full Name | userFullName | string | User full display name |
User Distinguishing Name | userDN | string | User Distinguishing name |
Password Age | passwordAge | uint64 | Age of the password in days |
Password Last Set | passwordLastSet | Date | Time when password was last set |