How to determine which A2A Aliases are being used


Article ID: 380407


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A Privileged Access Management (PAM) Admin is looking for a way to determine which A2A aliases are actively being used.

They attempted to use the following report:

PAM UI >> Credentials >> Reports >> Account Requests

However, since their purge policy is set to 7 days, the report only goes back 7 days.

Environment

PAM 4.1.x, 4.2.x

A2A 4.12.3

Resolution

The PAM Admin was integrating PAM with Splunk, so I advised running the following search:

index=<your index> host=<pam server> metric "type=getAccount" 
| rex "targetServerAlias=(?<targetServerAlias>[^ ]+)"
| search errorCode=0
| stats count by targetServerAlias

This counts how many successful A2A calls were made against each alias.

In Splunk, you can also specify in the search criteria how far back you want to go, e.g. 24 hours, one month, year to date, etc.
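
A variant of the search above, added here as an example (it is not part of the original article): it sets an explicit look-back window, counts successful and failed getAccount calls separately, and shows when each alias was last requested, so aliases with few or no recent successful calls stand out. The 90-day window, the second rex for errorCode and the output column names are assumptions; the index, host and match terms are the ones used above.

```spl
index=<your index> host=<pam server> metric "type=getAccount" earliest=-90d@d latest=now
| rex "targetServerAlias=(?<targetServerAlias>[^ ]+)"
| rex "errorCode=(?<errorCode>\d+)"
| stats count(eval(errorCode="0")) AS successful_calls
        count(eval(errorCode!="0")) AS failed_calls
        latest(_time) AS last_seen
        by targetServerAlias
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - successful_calls
```

An alias that does not appear in the results had no getAccount events in the window, so compare the output against the list of aliases defined in PAM to find the unused ones.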