(DI-2311) Collector for User Login Security

The technical name of the Collector for User login Security is /DVD/MON_SEC_CL_COL_USR.

The primary purpose of this collector is to specialize in security issues related to user login, user passwords, and user status within a system, to identify potential vulnerabilities and security threats. The expected maximum age of passwords is configurable.

Default KPIs delivered with this collector

The following KPIs are delivered with this collector:

KPI name

Description

Unit

Detail table

KPI name

Description

Unit

Detail table

SEC_USR_INIT_PW

Number of users with an initial password

Count

Yes

SEC_USR_LOCK

Number of locked users due to incorrect logons

Count

Yes

SEC_USR_OLD

Number of users with password age above the preset threshold

Count

Yes

SEC_USR_SAPS_KER

Security risk with SAP* user

Bool

Yes

Parameters

The following parameters are used for this collector:

Parameter name

Description

Default value

Parameter name

Description

Default value

OLD_PASSWORD

Specifies threshold for a number of days since the last password change. The number of users with aged passwords is reported by KPI USR_OLD

180

SHOW_INI_PASSWORDS

Specifies if SAP-defined initial passwords will be visible in the input table.

'X'

Detail table

The collector provides a detail table for Users password status. The technical name of the detail table is /DVD/MON_SEC_S_USR_DETAIL.

This detail table provides a comprehensive log of security-related events and issues concerning user login and passwords, including locked user accounts and those with initial or outdated passwords. It contains the following fields:

Technical name

Description

Technical name

Description

TIMESTAMP

When the records are saved into the Detail table

SID

System ID

USER_NAME

User Name

USER_TYPE

User type

CLIENT_CODE

Client number

ISSUE

Password Status

DESCRIPTION

Password status description