What is a one sentence summary of your feature request?
Make syslog events more unique
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Although it is logged which password was revealed, there is a lack of clarity.
Example:
There is an “Administrator” data record in two organizational units – the syslog then only states that the “Administrator” data record was viewed. However, it is not clear exactly which data record this is.
In our opinion, this could be solved as follows, for example:
- Also log the OU (in which the password is located)
- Use a unique ID for the password object
This becomes critical if the event is to be processed in a SIEM to generate alarms. If the password name in Password Secure were then changed, the SIEM alarm would not be triggered!
There are certainly other objects that I haven’t noticed yet that should have an ID instead of an object name in the event.
How do you currently solve the challenges you have by not having this feature?
Restriction of password permissions to read-only for users who use the password. Instructions are available for administrators on what to consider when changing the password name… Nevertheless, there is still a risk of errors.