Report: Abnormal Use of Service Accounts
This report identifies the use of service accounts and the associated transaction origins. For example: The use of a service account from an origin other than the application server would be identified. The report should be reviewed and commented on by IT Management on a weekly basis.
COBIT objectives
This report is designed to meet the following COBIT objectives:
Objective Number | Description |
---|---|
DS5.3 | Database transactions from unauthorized sources are tracked and reviewed by IT Management on a weekly basis |
Setup requirements
Sox Abnormal Use of Service Accounts policy: Object Audit Options and/or User Audit Options
Report columns
The following columns are displayed in the report body.
Columns | Description |
---|---|
User ID | The ID of the database user that conducted the flagged activity |
Terminal | The terminal IP address or name |
Originating Application | The name, or other identifier, for the originating application, if the activity originated from an external application or from an application server |
Number of Actions | The number of actions attempted by the account associated with the User ID |
Timestamp | The exact time the flagged activity was conducted |