ManageEngine Password Manager Pro

About

Password Manager Pro is a secure vault for storing and managing shared sensitive information such as passwords, documents and digital identities of enterprises.

Product Details

Vendor URL: ManageEngine Password Manager Pro

Product Type: Secure vault

Product Tier: Tier II

Integration Method: Syslog

Parser Details

Log Format: Syslog

Expected Normalization Rate: 100%

Data Label: MANAGE_ENGINE_PASSWORD_MANAGER

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field	UDM Field
custom filter	principal.ip
custom filter	target.user.user_display_name
custom filter	metadata.product_event_type
static	metadata.product_name
custom filter	target.user.user_display_name
custom filter	extensions.auth.auth_details
custom filter	security_result.action_details
custom logic to set value	security_result.action
custom logic to set value	metadata.event_type
custom filter	metadata.description
static	metadata.vendor_name
custom filter	observer.hostname

Product Event Types

Event	UDM Event Classification
user_authentication_failed	USER_LOGIN
user_authentication_failed	USER_LOGIN
user_logged_out	USER_LOGOUT
all others	GENERIC_EVENT

Log Sample

<38>Apr 20 07:56:30 hostname1 UserAudit:N/A:10.10.0.1 User_Logged_in_-_PMP 2023/04/20 07:56:29 Success hostname1 -john_doe:Authenticated_by_PMP__and_Microsoft_Authenticator

Sample Parsing

extensions.auth.auth_details = "Authenticated_by_PMP__and_Microsoft_Authenticator"
metadata.description = "User_Logged_in_-_PMP"
metadata.event_timestamp.seconds = 1681977390
metadata.event_timestamp.nanos = 0
metadata.event_type = "USER_LOGIN"
metadata.product_event_type = "UserAudit"
metadata.product_name = "Password Manager Pro"
metadata.vendor_name = "ManageEngine"
observer.hostname = "hostname1"
principal.ip = "10.10.0.1"
security_result.action_details = "success"
security_result.action = "ALLOW"
target.user.user_display_name = "john_doe"

Rules

Coming Soon