Thycotic Secret Server

Version: Thycotic Secret Server version 10.9.

Thycotic Secret Server (SS) is an enterprise-grade, privileged access management solution that is quickly deployable and easily managed. With Thycotic SS, user can automatically discover and manage their privileged accounts through an intuitive interface, protecting against malicious activity, across the enterprise.

Netsurion Open XDR helps to monitor events from Thycotic SS. It’s reports, alerts, and dashboards will help you to analyze the activity logs such as, user management, secret view/delete, heartbeat failure, etc. Reports are provided to get a detailed summary of events during specific time. This contains critical information such as, time of occurrence of events, user source IP and action taken by user.

Dashboards are basically a graphical representation of the events, which allows administrators to take an overview of key information found such as, total number or percentage of audit events or operational events. Alerts, such as, secret heartbeat failure or unsuccessful login attempts, will be triggered in real time to let administrators know, critical events are occurring within their networks.

After the Thycotic Secret Server is configured to deliver events to the Netsurion Open XDR, the dashboards and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security Thycotic SS – A configuration change has been detected This alert is triggered by Netsurion when it detects an event, that is flagged as “configuration changes made by any user.”
Security Thycotic SS – A failed user login has been detected : This alert is triggered, when an event is detected by Netsurion, pointing towards a login failure attempt made by any user.
Operations Thycotic SS – A folder permissions have been changed This alert is triggered by Netsurion when it detects a change in folder permissions.
Operations Thycotic SS – A role has been assigned to a user or group This alert is triggered by Netsurion when a user or group is assigned a new role.
Operations Thycotic SS – A role has been removed from a user or group This alert is triggered by Netsurion when a role is removed from a user or a group.
Operations Thycotic SS – A Secret has expired today This alert is triggered by Netsurion when a secret is expired.
Operations Thycotic SS – A user password has been changed This alert is triggered by Netsurion when a user has changed password.

Reports

Type Name Description
Security Thycotic SS – User login fails This report provides a detailed overview of all the failed login attempts, made by any user. It contains information such as login timestamp, username, and source IP address.
Security Thycotic SS – Configuration Changes This report provides a detailed overview of all the configuration changes made by any user in Thycotic SS console. It contains information such as old and new values, username, and source IP along with the timestamp at which activity was performed.
Operations Thycotic SS – User and Group Management This report provides a detailed overview of all the user and group management activities such as, user create/ delete, group create/delete, etc. It contains information such as, user who made the changes, target user or group name, source IP, and event timestamp.
Operations Thycotic SS – Role Management This report provides a detailed overview of all the role management activities such as, user or group assigned to a role, or disabled role, etc. It contains information such as, user who made the changes, target object name/type, source IP, and event timestamp.
Operations Thycotic SS – Secrets Management This report provides a detailed overview of all the secrets management activities such as, secret created, secret viewed, secret copied, etc. It contains information such as, user who made the changes, target object name/type, source IP, and event timestamp.
Operations Thycotic SS – Folder Management This report provides a detailed overview of all the folder management activities such as, folder created, folder deleted, folder’s permissions changed, etc. It contains information such as, user who made the changes, target object name/type, source IP, and event timestamp.
Operations Thycotic SS – Script Management This report provides a detailed overview of all the script management activities such as, PowerShell script created/deleted, SSH script created/deleted, etc. It contains information such as, user who made the changes, target object name/type, source IP, and event timestamp.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.x or later, and Thycotic Secret Server version 10.9.

Download Integration Guide and How-to Guide for configuration instructions and more information.