In Privileged Access Manager (PAM), a PAM Admin needs to monitor A2A auto-registrations over a given period of time and determine whether there are any duplicates.
PAM A2A 4.12.3
When a server auto-registers, the following message is written to the PAM UI session logs on the PAM appliance that it registers to:
PAM-CMN-2437: Device <servername> added successfully with OS type <OS Type> Access methods: None; Services: None; VPN Services: None; Groups: None; Tags: None; Transparent logins: None; Request Server <servername> is added to A2A via auto-registration.
If your PAM appliance forwards this log to a central Splunk server, you can also use the following search filter:
index=<your_index> host=<your_pam_appliance> "RequestServer.ID="
| rex "RequestServer\.ID=(?<request_server_id>\d+)"
| rex "originatingHostName=(?<originating_host_name>\S+)"
| stats count by request_server_id originating_host_name
| where count > 1
This filter will list the A2A request_server_id, originating_host_name and count if a server registered more than once.
From here you can set up alerts in Splunk to notify an admin when the count for a particular servername gets too high.
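An alert-ready variant of the search above, added here as an example and not part of the original article: it groups by host name only, so a host that re-registers under a different RequestServer.ID is still counted, and it reports when the registrations were first and last seen. The 24-hour window and the threshold of 3 are assumed values to tune for your environment; the field extractions are the same as in the search above.

```spl
index=<your_index> host=<your_pam_appliance> "RequestServer.ID=" earliest=-24h@h latest=now
| rex "RequestServer\.ID=(?<request_server_id>\d+)"
| rex "originatingHostName=(?<originating_host_name>\S+)"
| stats count AS registrations
        dc(request_server_id) AS distinct_ids
        values(request_server_id) AS request_server_ids
        min(_time) AS first_seen
        max(_time) AS last_seen
        by originating_host_name
| eval threshold=3
| where registrations > threshold
| convert ctime(first_seen) ctime(last_seen)
| sort - registrations
```

Saved as a scheduled alert with the trigger condition "Number of Results is greater than 0", this notifies an admin for every host that exceeds the threshold within the window.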