Security Information Management

User Password Monitoring Events

AccelOps generates the following events related to user password monitoring during LDAP discoveries.

LDAP Password Never Expire Events

LDAP Password Not Required Events

LDAP Password Expiry Event

LDAP Password Stale Events

Name	Id	Type	Description
Event Type	eventType	string	Event type set to PH_DEV_DISCOV_ADS_PASSWORD_NEVER_EXPIRES
Event Severity	eventSeverity	uint16	Set to 1. In general, a number between 0 (lowest severity) and 10 (highest severity)
Event Severity Category	eventSeverityCat	string	Set to Low. IN general, takes the values Low, Medium and High. Event Severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High
Event Receive Time	phRecvTime	Date	Time at which AccelOps generated this event
Reporting IP	reptDevIpAddr	Date	AccelOps Super IP
Relaying IP	relayDevIpAddr	Date	AccelOps Super IP
Raw Event Log	rawEventMsg	string	Raw event containing all attributes in comma separated “[Attribute] = value” format.
Host name	hostName	string	Active Directory Server Host Name
Host IP Address	hostIpAddr	IP	Active Directory Server IP
User	user	string	User logon name
User Full Name	userFullName	string	user Full Display Name
User Distinguishing Name	userDN	string	User Distinguishing name
Password Age	passwordAge	uint64	Password age in days
Password Last Set	passwordLastSet	Date	Time when password was last set

LDAP Password Not Required Events

Event Type: PH_DISCOV_ADS_PASSWORD_NOT_REQD

Description: Event contains users whose password is not required

Source: Windows Active Directory Discovery via LDAP Sample event

Key Attributes:

Name	Id	Type	Description
Event Type	eventType	string	Event type set to PH_DEV_DISCOV_ADS_PASSWORD_NEVER_EXPIRES
Event Severity	eventSeverity	uint16	Set to 1.
Event Severity Category	eventSeverityCat	string	Set to Low. IN general, takes the values Low, Medium and High. Event Severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High
Event Receive Time	phRecvTime	Date	Time at which AccelOps generated this event
Reporting IP	reptDevIpAddr	Date	AccelOps Super IP
Relaying IP	relayDevIpAddr	Date	AccelOps Super IP
Raw Event Log	rawEventMsg	string	Raw event containing all attributes in comma separated “[Attribute] = value” format.
Host name	hostName	string	Active Directory Server Host Name
Host IP Address	hostIpAddr	IP	Active Directory Server IP
User	user	string	User logon name
User Full Name	userFullName	string	user Full Display Name
User Distinguishing Name	userDN	string	User Distinguishing name

LDAP Password Expiry Event

Event Type: PH_DISCOV_ADS_PASSWORD_TO_EXPIRE

Description: Event contains users and the times when their passwords were last set and when their passwords are about to expire Source: Windows Active Directory Discovery via LDAP

Sample event

<174>Feb 12 12:09:29 PH-QA-AUTOTEST phDiscover[22677]: [PH_DISCOV_ADS_PASSWORD_TO_EXPIRE]:[eventSeverity]=PHL_INFO,[procNa me]=phDiscover,[fileName]=dirUser.cpp,[lineNumber]=1750,[hostIpAddr ]=192.168.0.10,[user]=testuser,[userFullName]=Testuser,[userDN]=CN=

Testuser,CN=Users,DC=acme,DC=net,[daysToPasswordExpiry]=0,[password

LastSet]=1360606672,[phLogDetail]=

Key Attributes:

Name	Id	Type	Description
Event Type	eventType	string	Event type set to PH_DISCOV_ADS_PASSWORD_TO_EXPIRE
Event Severity	eventSeverity	uint16	Set to 1. In general, a number between 0 (lowest severity) and 10 (highest severity)
Event Severity Category	eventSeverityCat	string	Set to Low. IN general, takes the values Low, Medium and High. Event Severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High

 

Event Receive Time	phRecvTime	Date	Time at which AccelOps generated this event
Reporting IP	reptDevIpAddr	Date	AccelOps Super IP
Relaying IP	relayDevIpAddr	Date	AccelOps Super IP
Raw Event Log	rawEventMsg	string	Raw event containing all attributes in comma separated “[Attribute] = value” format.
Host name	hostName	string	Active Directory Server Host Name
Host IP Address	hostIpAddr	IP	Active Directory Server IP
User	user	string	User logon name
User Full Name	userFullName	string	user Full Display Name
User Distinguishing Name	userDN	string	User Distinguishing name
Days to Password Expiry	daysToPasswordExpiry	uint64	Number of days until the password will expire
Password Last Set	passwordLastSet	Date	Time when password was last set

Name	Id	Type	Description
Event Type	eventType	string	Event type set to PH_DISCOV_ADS_PASSWORD_STALE
Event Severity	eventSeverity	uint16	Set to 1. In general, a number between 0 (lowest severity) and 10 (highest severity)
Event Severity Category	eventSeverityCat	string	Set to Low. IN general, takes the values Low, Medium and High. Event Severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High
Event Receive Time	phRecvTime	Date	Time at which AccelOps generated this event
Reporting IP	reptDevIpAddr	Date	AccelOps Super IP
Relaying IP	relayDevIpAddr	Date	AccelOps Super IP
Raw Event Log	rawEventMsg	string	Raw event containing all attributes in comma separated “[Attribute] = value” format.
Host name	hostName	string	Active Directory Server Host Name
Host IP Address	hostIpAddr	IP	Active Directory Server IP
User	user	string	User logon name
User Full Name	userFullName	string	user Full Display Name

 

User Distinguishing Name	userDN	string	User Distinguishing name
Password Age	passwordAge	uint64	Age of the password in days
Password Last Set	passwordLastSet	Date	Time when password was last set

 

 

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!