Secret Server logs events to Security Information and Event Management (SIEM) platforms that support CEF or Syslog formats. These events can be correlated on the SIEM side so administrators can be alerted when specific events occur on the system. When an administrator sets up a filter for events such as Unlimited Administration being turned on, user lockout, heartbeat failure or Secret expiration, the events are logged with different alert levels depending on their severity.
ArcSight, Splunk, and LogLogic are some of the SIEM and Log Management tools that work with Secret Server. Most SIEM and Log Management tools support Syslog format and are therefore compatible with Secret Server.
Thycotic Software is an ArcSight CEF certified partner.
Next Feature: Session Recording >