Skip to main content

DashboardDashboards Guide

Default Account Access Dashboard

This dashboard provides a view of attempts, both successful and unsuccessful, to access systems in your organization using default user accounts. An account is considered a default account if it contains one of the following substrings in its name:

  • admin

  • default

  • oracle

  • root

  • svc

  • system

Note

This dashboard can assist you in complying with the following regulatory requirements: PCI 10.2.1, "PCI 10.2.4", PCI 10.2.2, PCI 10.3.1, PCI 10.1, CJIS 5.4.1.1, CJIS 5.4.1.1.1, ISO 27001 A.12.4.3, TSC SOC2 CC6.1.6, NIST 800-53 AU-6(7), NIST 800-53 AC-2(9), NIST 800-53 AC-2(11), NIST 800-53 AC-6,  NIST 800-53 AC-6(1),  NIST 800-53 AC-6(2),  NIST 800-53 AC-6(5).

Time Range Filter

The Event : Approx Log Time filter sets the time range for the event data. The default setting is in the last 7 days. You can update this filter with a wide range of customizable settings.

To update the time range filter, click the arrow (icon-expand.png) on the right, under the Edit button, to expand the filters panel. In the Event : Approx Log Time filter, select an operator from the first drop down menu and then enter or select values in the subsequent fields, depending on the operator you selected. To save your filter changes, click Apply on the right side of the filter panel. The updated filter is applied to the visualization.

time-range-options.png

Default Account Access Attemps Count

This two value bar chart displays the total number of unique attempts, either successful or unsuccessful, to access default accounts over the selected time range.

default-account-access-attempts-count.png

Unsuccessful Access Attempts to Organization by Default Account

This table provides details about unsuccessful account access events involving default accounts. These attempts can indicate a potential privilege escalation or a brute force attack.

The table includes the Approx Log Time, Subject, Activity, Activity Type, Dest Host, Domain, Event Code, Host, Result Code, LoginType, User, and Event Raw Logs. Click the heading of the column that you want to sort the data by. Click the arrow icon to change between ascending arrow-up.png and descending arrow-down.png orders. To view all the table rows and columns, you may need to use the vertical and horizontal scroll bars.

unsuccessful-access-attempts.png

Recent Successful Access Attempts to Organization by Default Account

This table provides details about recent activity that took place using default accounts in your organization.

The table includes the Approx Log Time, Subject, Activity, Activity Type, Dest Host, Domain, Event Code, Host, Result Code, LoginType, User, and Event Raw Logs. Click the heading of the column that you want to sort the data by. Click the arrow icon to change between ascending arrow-up.png and descending arrow-down.png orders. To view all the table rows and columns, you may need to use the vertical and horizontal scroll bars.

recent-successful-access-attempts.png