Target account deleted audit
Article ID: 223709
Updated On:
Products
Issue/Introduction
A target account was deleted from CA PAM but there is knowledge of when and who did it. looking in session log and reports is not enough to determine this.
Environment
Release : PAM all versions
Component : PRIVILEGED ACCESS MANAGEMENT
Resolution
An account delete would display in the Administrative activities report. This can be seen under Credentials > Reports > Run > Administrative Activities report. The concern is the account delete happened longer ago than we expect, in which case the data would no longer be the database and your archive would need to be reviewed. The report is subject to your purge policy and auditlog data. If data can not be found, as this happened further back you would need to review your syslog server if you have this integrated with PAM.
Feedback
