CEMT Security Log
Posted: Wed Oct 17, 2018 9:34 am
Hello,
After an earlier incident that no administrator is claiming responsibility for, it came to my attention that the CEMT does not log everything into the securitylog table. I know there isn't much that can be done directly from the CEMT itself, but imagine this:
Agent X somehow gets an administrator's CEMT credentials and uses them to create a rogue OD user, or change the password of an existing user. Agent X then proceeds to use the shadow credentials to bla bla bla.... If there is only one CEMT admin then we can shame him/her for allowing their credentials to get pwoned, but if there is more than one admin then who do we hold responsible?