A Privileged Access Management (PAM) administrator wants to know whether there is a way to trigger an immediate alert or email notification whenever a password check-in fails.
They are aware of the scheduled job report for password rotation failures, but they want a notification in real time.
When PAM is integrated with Splunk or another SIEM solution, the SIEM's real-time alert features can be used.
You can search on the following criteria and create a real-time alert from that search:
"cmdname=checkinaccountpassword" "errorcode"
Here is an example message:
hostname=<pam hostname>,id=49001,type=checkInAccountPassword,startdate_milliseconds=1763398863299,enddate_milliseconds=1763398863300,startdate=2025-11-17 17:01:03,enddate=2025-11-17 17:01:03,success=0,originaddress=127.0.0.1,originhostname=localhost,metriclevel=1,errorcode=15212,createuserid=super,duration=1,url=/cspm/servlet/adminCLI,description=hashmap { [ commandInitiator=USER ] [ adminUserID=super ] [ cmdName=checkInAccountPassword ] [ TargetAccount.ID=37001 ] [ GKCallback.gkrequest=true ] [ adminPassword= ] [ authentication=CSPM ] }
Then save the search as an Alert. In Splunk, for example, one Alert Type emails recipients in real time.
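The same two match criteria applied to the message format above, as an added Python example that is not part of the original article or of the PAM product. The sample lines are constructed; the hostname, the shape of the successful event (success=1, no errorcode field) and the someOtherCommand name are assumptions made only to exercise the filter.

```python
import re

# Constructed sample lines modelled on the example message; lines 2 and 3 are assumptions.
SAMPLE_LINES = [
    "hostname=pam01.example.test,id=49001,type=checkInAccountPassword,"
    "startdate=2025-11-17 17:01:03,success=0,errorcode=15212,createuserid=super,"
    "description=hashmap { [ commandInitiator=USER ] [ adminUserID=super ] "
    "[ cmdName=checkInAccountPassword ] [ TargetAccount.ID=37001 ] [ adminPassword= ] }",
    "hostname=pam01.example.test,id=49002,type=checkInAccountPassword,"
    "startdate=2025-11-17 17:02:10,success=1,createuserid=super,"
    "description=hashmap { [ cmdName=checkInAccountPassword ] [ TargetAccount.ID=37002 ] }",
    "hostname=pam01.example.test,id=49003,type=someOtherCommand,"
    "startdate=2025-11-17 17:03:00,success=0,errorcode=99999,createuserid=super,"
    "description=hashmap { [ cmdName=someOtherCommand ] }",
]

# Matches one "[ key=value ]" entry of the description hashmap (value may be empty).
BRACKET_RE = re.compile(r"\[\s*([^=\]\s]+)=([^\]]*?)\s*\]")

def parse_event(line):
    """Split one message into top-level fields and description hashmap entries."""
    head, _, desc = line.partition(",description=")
    fields = {}
    for pair in head.split(","):
        key, sep, value = pair.partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    desc_fields = {k.lower(): v for k, v in BRACKET_RE.findall(desc)}
    return fields, desc_fields

def failed_checkin(line):
    """Return an alert dict when the line meets both search criteria, else None."""
    fields, desc = parse_event(line)
    # Compared case-insensitively, as Splunk search terms are.
    if desc.get("cmdname", "").lower() != "checkinaccountpassword" or "errorcode" not in fields:
        return None
    # Only the fields needed for the notification are copied; adminPassword is not.
    return {
        "hostname": fields.get("hostname"),
        "time": fields.get("startdate"),
        "errorcode": fields["errorcode"],
        "user": fields.get("createuserid"),
        "target_account_id": desc.get("targetaccount.id"),
    }

def alerts(lines):
    return [a for a in map(failed_checkin, lines) if a is not None]

if __name__ == "__main__":
    for alert in alerts(SAMPLE_LINES):
        print("PAM password check-in failed:", alert)
```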