Loading

Set up and manage privileged user monitoring

Serverless Security Preview Stack Preview 9.1.0

Requirements

To use privileged user monitoring, you must:

  • Have the appropriate user role or privileges
  • Turn on the required advanced setting

For more information, refer to Privileged user monitoring requirements.

Before you can start monitoring privileged users, you need to define which users in your environment are considered privileged.

Privileged users typically include accounts with elevated access rights that allow them to configure security settings, manage user permissions, or access sensitive data.

You can define privileged users in the following ways:

To get started, find the Privileged user monitoring page in the navigation menu or use the global search field.

Stack Preview 9.2.0

  1. On the Privileged user monitoring page, select an integration. The supported integrations are:
  2. Follow the steps to install the integration.
  1. On the Privileged user monitoring page, click Index.
  2. From the Select index popup, you can create new or choose existing indices as your data source.
  3. Select Add privileged users.

All user names, specified in the user.name field in your selected indices, will be defined as privileged users.

  1. On the Privileged user monitoring page, click File.
  2. Select or drag and drop the file you want to import. The maximum file size is 1 MB.
  3. Select Add privileged user.

The file must contain at least one column, with each user record listed on a separate row:

  1. The first column specifies the privileged user's user name.
  2. An optional second column may specify a label, representing the user’s role, group, team, or similar.

File structure example:

superadmin
admin01,Domain Admin
sec_ops
jdoe,IT Support
		
Note

Any lines that don’t follow the required file structure will be highlighted, and those users won't be added. We recommend that you fix any invalid lines and re-upload the file.

After setting up your privileged users, you can start monitoring their activity and related insights on the Privileged user monitoring dashboard.

You can update the selected data sources at any time by selecting Manage data sources.

Use the Manage data sources page to update your selected data sources.

You can use multiple data source types, such as an index and a CSV file, at the same time to define privileged users. Users defined through different data source types are monitored together.

On this page, you can:

  • Stack Preview 9.2.0 Change which integrations you're using as data sources.

  • View, remove, and change indices after initially defining them.

  • Import a new supported file with a list of privileged users.

    Note

    Importing a new file will overwrite any users added from a previous file. This doesn't affect users defined through other data source types.