Secret Server logs events to Security Information and Event Management (SIEM) platforms that support CEF or Syslog formats. These events can be correlated on the SIEM side so administrators can be alerted when specific events occur on the system. When an administrator sets up a filter for events such as Unlimited Administration being turned on, user lockout, heartbeat failure or Secret expiration, the events are logged with different alert levels depending on their severity.
ArcSight, Splunk, and LogLogic are some of the SIEM and Log Management tools that work with Secret Server. Most SIEM and Log Management tools support Syslog format and are therefore compatible with Secret Server.
Thycotic Software is an official technology partner with Splunk. There is a Secret Server app in the Splunk apps store which aggregates the data coming from Secret Server around
privileged account activity and presents the information in the Splunk dashboard.
Thycotic Software is also an ArcSight CEF certified partner. (screenshot below)
Next Feature: Session Recording >