Object Types and Attributes Monitored on Pulse Secure Devices

Review a full list of object types Netwrix Auditor can collect on Pulse Secure network devices.

Object Type Actions

 

Logon

  • Successful logon
  • user authenticated successfully
  • user logged in successfully
  • administrative login succeeded
  • SuperAdmin session created using token for administrative logon recovery
  • Admin logged in successfully through the local console
  • Failed logon
  • Login/authentication failed
  • Login attempt from the local console failed
  • Logoff
  • user logged out or session timed out
  • admin logged out or session timed out
  • SuperAdmin session finished or timed out
  • Admin logged off from the local console

Authentication

  • Successful logon
  • VPN Tunneling Successful Logon
  • Logoff
  • VPN connection closed

Configuration

  • Modified
  • Server shutdown/reboot/restart requested
  • Platform administrator account added
  • Console administrator password is disabled or enabled
  • IKEv2 settings modified
  • Global SAML Settings modified
  • SAML Metadata Provider added
  • SAML Metadata Provider removed
  • SAML Metadata Provider updated
  • authentication server added
  • authentication server deleted
  • authentication server modified
  • Sign-in policy created
  • Sign-in policy deleted
  • Sign-in policy modified
  • Sign-in policy multiple user session limit modified
  • Sign-in policy multiple user session modified
  • Sign-in policy multiple user session warning notification modified
  • Updated the order of the sign-in policies
  • Sign-in policy user access parameters modified
  • Sign-in page created
  • Sign-in page deleted
  • Sign-in page updated
  • Sign-in notification created
  • Sign-in notification deleted
  • Sign-in notification updated
  • Sign-in SAML modified

User

  • Added
  • user account added
  • Modified
  • user account password changed
  • user account disabled or enabled
  • user account unlocked
  • user account modified
  • admin rights granted
  • admin rights revoked
  • Removed
  • user account removed

Role

  • Added
  • Role is created
  • Modified
  • Role is modified
  • Removed
  • Role is deleted
  • Copied
  • Role is duplicated

Session

  • Session start
  • VPN Tunneling Session started
  • Session end
  • VPN Tunneling Session ended

Realm

  • Added
  • Realm added
  • Modified
  • IP added to allowed IP list in Realm authentication policy
  • IP removed from allowed IP list
  • IP setting reordered
  • Source IP restriction modified
  • browser restriction set
  • Browser restriction modified
  • browser restriction removed
  • Browser restriction reordered
  • Client-side certificate requirement modified
  • Certificate attribute modified
  • Password restriction modified
  • Minimum password length modified
  • Host Checker restriction is updated
  • User Limit restriction is modified
  • Guaranteed minimum number of users is modified
  • Maximum number of sessions is modified
  • Maximum number of users is modified
  • Realm is modified
 
  • Removed
  • Realm deleted
  • Copied
  • Realm duplicated
  • Renamed
  • Realm renamed