Monitoring Service Accounts

For a domain, the product provides a visual snapshot of the service accounts and their activities. You can gather important information on the behavior and security standing of the service accounts, such as whether they have been involved in any suspicious activities, have not been in use for a long time, or have a password that is about to expire. You can then take appropriate actions based on the data that is displayed.

To view and monitor service accounts of a domain:

  1. Log in to the product UI as an Admin group user.

  2. Click Overview in the top pane. By default, a visual representation of the service accounts corresponding to the first domain configured in the product is displayed in the Overview tab.

  3. Select the domain whose service accounts you need to monitor in the left pane.

A visual representation of the service accounts and their activity is displayed. By default, the accounts’ activity for the last 15 days is displayed. You can select the time period for which you need to view the accounts’ activity.

Insights provided by graphs

The following aspects of the visual representation help provide insights into the behaviors of the service accounts:

Service Account Activity Overview

For the selected time period, the Service Account Activity Overview section, represented as a pie chart, provides a broad, statistical view of the number of service accounts that have engaged in activity and the number of service accounts that have not engaged in any activity. When you click any section in the pie chart, the corresponding accounts are displayed in the Service Accounts section.

Top Accounts by Activity

For the selected time period, the Top Accounts by Activity section provides a graphical view of the service accounts with the most activity (the number of modifications made to a service account or the number of modifications the service account has made to the user objects of the Active Directory). A maximum of 10 top service accounts can be displayed.

Service Account Password Expiration Status

The Service Account Password Expiration Status section provides a snapshot of the password expiration status of all the service accounts of the domain. The status displayed is for the present time, irrespective of the time period you select. An overall view of the password expiration status in the domain helps you understand how many service accounts need attention for renewal of their passwords.

Service Accounts

For the selected time period, the Service Accounts section displays a summary of all the service accounts in the domain. This summary helps you gain a broad view of the account details in the selected time range. For each service account, the following details are displayed as part of the summary:

  • Account Name: The name of the service account.

  • Domain Name: The child domain to which the service account belongs.

  • Services: The number of services that run using the service account.

  • Modifications: The number of changes the service account has made to the objects of the Active Directory or the number of changes that have been made to the service account.

  • Password Status: Information on whether the service account password has expired, is still active, and so on. This information enables administrators to take timely action to update the passwords of the service accounts.

  • Password Expiration Date: The date when the password expires or has expired. This information, along with the information on modifications, helps administrators understand whether a service account has not been in use for a long time and is at risk of being compromised.

There is also a provision to list a specific service account name along with its summary, hide or show the details for the service accounts that need to be displayed, and export the listed service accounts along with their details.
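The triage described above, combining Modifications with Password Expiration Date to spot idle or overdue accounts, can be repeated on the exported list. The following is an added example, not part of the product: it assumes the export is a CSV whose headers match the column names above and whose dates are in ISO format, and the sample rows and the `triage` function are constructed for illustration.

```python
import csv
import io
from datetime import date, datetime, timedelta

# Constructed sample export. The CSV layout, ISO dates and rows are assumptions;
# the column names are the ones listed in the Service Accounts section.
SAMPLE_EXPORT = """Account Name,Domain Name,Services,Modifications,Password Expiration Date
svc-backup,corp.example.com,3,42,2025-09-30
svc-legacy,corp.example.com,0,0,2024-11-02
svc-report,emea.corp.example.com,1,0,2025-06-20
svc-sql,corp.example.com,2,7,2025-06-10
"""


def triage(export_text, today, warn_days=14):
    """Return (account, domain, reasons) for every row that needs review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        expires = datetime.strptime(
            row["Password Expiration Date"], "%Y-%m-%d").date()
        mods = int(row["Modifications"])
        services = int(row["Services"])
        reasons = []
        if expires < today:
            reasons.append("password expired")
        elif expires - today <= timedelta(days=warn_days):
            reasons.append("password expires soon")
        if mods == 0:
            # No changes made by or to the account in the selected period.
            reasons.append("no modifications in period")
        if mods == 0 and services == 0:
            reasons.append("no services attached")
        if reasons:
            findings.append((row["Account Name"], row["Domain Name"], reasons))
    # Accounts with the most findings first (idle and expired at the top).
    findings.sort(key=lambda f: -len(f[2]))
    return findings


if __name__ == "__main__":
    for name, domain, reasons in triage(SAMPLE_EXPORT, date(2025, 6, 15)):
        print(f"{name} ({domain}): {', '.join(reasons)}")
```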

Service Account Details for monitoring

When you click a service account from the list, the Service Account Details window is displayed, which provides further insights into the service account. The following details are displayed:

  • The manager of the service account.

  • The password expiration date and an option to notify the account manager and other key members about the password renewal action.

  • An option to notify the service account manager and other key members through email on the password expiration status of the service account.

  • The names of the services with which the service account is associated. This information helps in easily identifying which services need to be reconfigured whenever the service account password is updated.

  • For the defined period, the activity of the account. All the changes done to the service account and the changes done by the service account are listed in the Changes Done To Service Account and Changes Done By Service Account tabs respectively. Every change is captured as a single event.

  • When you click an event in any of the tabs, in-depth information on the change is displayed, which helps administrators determine whether the change is suspicious and the account deserves attention. You can view the following details:

    • Overview: The Overview section provides a summary of the initiator of the change and a summary of the change, including the target of the change.

    • Delta: The Delta section provides a list of the attributes of the target that have been modified in the Active Directory, along with their original and modified values.

    • All Event Fields: The All Event Fields section provides a list of all the fields of the event, along with their values.

There is also a provision to list a specific event, hide or show the details for the events that need to be displayed, and export the listed events along with their details.