Privileged Logons
Privileged users have access to the most critical resources in an organization. The prime objective of most attackers is to compromise a privileged account to either exfiltrate information or hijack an organization with ransomware demands. Tracking privileged user activity is a critical part of any organization’s security footprint and important for compliance and governance.
The Privileged Users Logons sub-panel tracks all successful and unsuccessful logon activity for privileged users in the organization.
Visuals
- Failed Logons – Bar chart of failed privileged users’ logons within the specified time frame. Click on a user to view nodes where logons were attempted. Right-click on a user and drill down to ‘Details’ to view a detailed report that can be downloaded or emailed.
- Failed Logon Nodes – Nodes where privileged failed logons occurred.
- Logon Operations – Displays the types of logon events for all privileged successes and failures.
- Successful Logons – Bar chart of successful privileged users’ logons within the specified time frame. Click on a user to view nodes where logons occurred.
- Successful Logon Nodes – Nodes where privileged successful logons occurred.
- Targeted Hosts – Hosts where all privileged logon activity occurred.