{"id":30439,"date":"2023-03-23T07:29:57","date_gmt":"2023-03-23T11:29:57","guid":{"rendered":"https:\/\/www.eginnovations.com\/blog\/?p=30439"},"modified":"2024-07-02T06:41:53","modified_gmt":"2024-07-02T10:41:53","slug":"control-and-audit-remote-control-actions-for-security","status":"publish","type":"post","link":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/","title":{"rendered":"Control and Audit Remote Control Actions for Security"},"content":{"rendered":"<div class=\"inner_content\">\n<p>In an article a few months ago, my colleague covered the functionality within eG Enterprise that ensures secure and traceable audit trails for both users and admins of eG Enterprise, allowing automated auditing and reporting for regulatory compliance and security; see <a href=\"https:\/\/www.eginnovations.com\/blog\/auditing-capabilities-in-it-monitoring-tools-for-security-and-compliance\/\/\">Auditing Capabilities in IT Monitoring Tools | eG Innovations.<\/a> Today, I will follow on from that article and cover how eG Enterprise also controls and audits the execution of Remote Control Actions and scripts. These features ensure that privileged access and actions are traced and auditable, with the added benefit that changes and actions that have unexpected negative side effects can be identified and rectified.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_are_Remote_Control_Actions\"><\/span>What are Remote Control Actions?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>When eG Enterprise detects any issues in the target application or infrastructure, an administrator may want to immediately rectify them. For example, the admin may want to kill a runaway process that is taking up a lot of CPU. 
This is where Remote Control Actions come in.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-full wp-image-30461\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-img.webp\" alt=\"\" width=\"280\" height=\"251\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-img.webp 280w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-img-140x126.webp 140w\" sizes=\"auto, (max-width: 280px) 100vw, 280px\" \/><\/p>\n<p style=\"margin-bottom: 15px;\">Administrators can use remote control actions to investigate issues in greater detail, to rectify issues and indeed automate certain remediation steps. Common actions include:<\/p>\n<ul>\n<li>Rebooting or powering off servers<\/li>\n<li>Shadowing user sessions and taking screenshots of their sessions for support reasons<\/li>\n<li>Disconnecting idle sessions<\/li>\n<li>Collecting data from the session remotely for diagnostic purposes<\/li>\n<li>Executing scripts or commands remotely for diagnostic or remediation e.g., \u201cKill user GPO (Group Policy Objects) policies\u201d<\/li>\n<\/ul>\n<div style=\"padding: 20px; border: 1px solid #ffd392; background: #fcf8ef; margin-bottom: 30px;\">\n<h2><span class=\"ez-toc-section\" id=\"How_do_Remote_Control_Actions_work_in_eG_Enterprise\"><\/span><img decoding=\"async\" style=\"margin-top: -13px; width: 32px;\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2020\/09\/hand-symbol.png\" alt=\"hand-symbol\" \/> How do Remote Control Actions work in eG Enterprise?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"margin-bottom: 15px;\">One of the challenges in eG Enterprise is its secure architecture. 
eG agents do not listen on any <a href=\"https:\/\/blog.netwrix.com\/2022\/08\/04\/open-port-vulnerabilities-list\/\">TCP ports<\/a>, so when a user wants to execute activities on a system, the eG manager does not have a way to directly connect to an agent and control it.<\/p>\n<p style=\"margin-bottom: 15px;\">Remote control is implemented using an intelligent polling mechanism. When an agent communicates with the manager to report performance data, the eG manager piggybacks instructions to start remote control on its response. Once an agent is in control mode, it polls the manager frequently, so that commands provided by admins are instantly executed on the agent systems. This mechanism ensures that no additional TCP ports are used for remote control and admins still have a mechanism to execute remote commands on the target systems.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Action-Multiple-Agents-img-view.jpg\" data-rel=\"lightbox-image-0\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-30497\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Action-Multiple-Agents-img.webp\" alt=\"\" width=\"750\" height=\"320\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Action-Multiple-Agents-img.webp 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Action-Multiple-Agents-img-300x128.webp 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Action-Multiple-Agents-img-310x132.webp 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Action-Multiple-Agents-img-140x60.webp 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<p style=\"margin-bottom: 5px;\">When an agent receives instructions issued by an admin from the eG Enterprise 
interface and relayed through the eG manager, it executes them, as long as it has permissions to do so, and the result is communicated back to the eG Enterprise web console.<\/p>\n<\/div>\n<h2><span class=\"ez-toc-section\" id=\"Why_Audit_and_Control_Remote_Control_Actions\"><\/span>Why Audit and Control Remote Control Actions?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-30462\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Survey.webp\" alt=\"\" width=\"280\" height=\"251\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Survey.webp 280w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Survey-140x126.webp 140w\" sizes=\"auto, (max-width: 280px) 100vw, 280px\" \/>Many of these actions are powerful and invasive and, if used inappropriately, can affect the services being delivered (e.g., rebooting servers), or they can compromise data security or user privacy (e.g., taking a screenshot of a user session). 
Beyond strict Role-Based Access Control on privileges to use actions, organizations also need robust tracing and auditing capabilities to ensure the actions of a rogue or malicious employee (<a href=\"https:\/\/www.facebook.com\/HTGUK\/posts\/insider-threats-are-on-the-rise-and-if-left-to-fester-these-internal-problems-co\/5023349557731582\/\">Insider Threats<\/a>) or a rogue script are deterred and detected.<\/p>\n<p style=\"margin-bottom: 15px;\">Specific scenarios organizations need to consider include:<\/p>\n<ul>\n<li>Many organizations do not want <a href=\"https:\/\/medium.com\/@harshanacslab\/what-is-l1-l2-and-l3-support-engineering-6e9ca20c1dbb\">L1 level support staff<\/a>, especially if employed on a casual or contracted basis, to be able to access and see user desktops or perform administrative tasks such as reboots.<\/li>\n<li>MSPs (Managed Service Providers) offering multi-tenancy and tenant self-service will usually need fine-grained control of RCAs and the ability to demonstrate secure access and auditing of actions to meet customers\u2019 compliance requirements.<\/li>\n<li>Quick fixes such as rebooting a server regularly can resolve numerous issues but mask a serious underlying root cause. The ability to audit and review such actions is important.<\/li>\n<li>Operations such as session shadowing and screenshotting a user\u2019s screen need to be tightly controlled and, when undertaken, properly tracked and auditable on an ongoing basis. This is especially important in geographies such as Germany where state employee privacy protections beyond GDPR may exist.<\/li>\n<li>For many compliance standards and regulations, audit data must be available long beyond the default retention timelines of most cloud platforms and services.<\/li>\n<li>Often security breaches or the actions of malicious ex-employees only become apparent several months or years after the event. 
The ability to prove criminal or illegal behavior in forensic investigations after the event is important.<\/li>\n<li>If multiple staff are involved in support calls, the ability to verify what has been undertaken and by whom and when can avoid miscommunications and errors and remove a blame culture.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Controlling_Privileged_Access_to_Remote_Control_Actions_RCA_in_eG_Enterprise\"><\/span>Controlling Privileged Access to Remote Control Actions (RCA) in eG Enterprise<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>When adding\/modifying a user in eG Enterprise, an admin can enable\/disable control actions for a user \u2013 i.e., the user could be either associated with all control actions or none. Many organizations usually choose to disable all control for frontline L1 operators.<\/p>\n<p>Beyond this, newer versions of eG Enterprise allow customized access to every single RCA on a per user basis. This could mean a L3 help desk operator could be allowed to session shadow and screenshot a user\u2019s session for diagnostic purposes but would not have privileges to run scripts on the user desktop or perform heavyweight system administration tasks such as server reboots.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/User-Preference-Test-view.jpg\" data-rel=\"lightbox-image-1\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-30481\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/User-Preference-Test.webp\" alt=\"\" width=\"751\" height=\"358\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/User-Preference-Test.webp 751w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/User-Preference-Test-300x143.webp 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/User-Preference-Test-310x148.webp 
310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/User-Preference-Test-140x67.webp 140w\" sizes=\"auto, (max-width: 751px) 100vw, 751px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 1: eG Enterprise provides a simple GUI to customize the commands a user can action \u2013 selecting the radio button \u201cCustomize actions\u201d<\/div>\n<p>Having selected \u201cCustomize Actions\u201d, a simple GUI allows fine-grained control over what actions are allowed for each user.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Action-view.jpg\" data-rel=\"lightbox-image-2\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-30466\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Action.webp\" alt=\"\" width=\"750\" height=\"548\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Action.webp 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Action-300x219.webp 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Action-310x227.webp 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Action-140x102.webp 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 2: Configuration on a per action, per user basis ensures granular and controlled access for security whilst empowering teams with the tools they need to perform their individual role<\/div>\n<p><a href=\"https:\/\/www.eginnovations.com\/white-paper\/observability-for-modern-it-with-eg-enterprise\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-29904\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/02\/observability-modern-IT-banner.webp\" alt=\"\" 
width=\"850\" height=\"200\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/02\/observability-modern-IT-banner.webp 850w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/02\/observability-modern-IT-banner-300x71.webp 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/02\/observability-modern-IT-banner-768x181.webp 768w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/02\/observability-modern-IT-banner-800x188.webp 800w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/02\/observability-modern-IT-banner-310x73.webp 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/02\/observability-modern-IT-banner-140x33.webp 140w\" sizes=\"auto, (max-width: 850px) 100vw, 850px\" \/><\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_to_Access_Remote_Control_Audit_Data\"><\/span>How to Access Remote Control Audit Data<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Audit data for RCA and similar data is restricted to administrator roles and accessible via the eG Enterprise \u201cAdmin\u201d tab. RCAs (Remote Control Actions) and other operations performed by those using the \u201cMonitor\u201d tab are found under Audits -&gt; Monitor. 
In an equivalent way Audits -&gt; Admin will access audits on administrator operations.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-30467\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Audit.webp\" alt=\"\" width=\"750\" height=\"511\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Audit.webp 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Audit-300x204.webp 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Audit-310x211.webp 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Remote-Control-Audit-140x95.webp 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/p>\n<div class=\"img_caption\">Figure 3: Where to find the Audit trail for RCAs actioned by eG Enterprise users<\/div>\n<p>Selecting \u201cAudit -&gt; Monitor\u201d will present the user with a filter menu. This smart filter menu will only present what data is available. 
Select an appropriate timeline on the filter.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/monitor-auditlog-report-view.jpg\" data-rel=\"lightbox-image-3\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-30469\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/monitor-auditlog-report.webp\" alt=\"\" width=\"750\" height=\"303\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/monitor-auditlog-report.webp 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/monitor-auditlog-report-300x121.webp 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/monitor-auditlog-report-310x125.webp 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/monitor-auditlog-report-140x57.webp 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 4: Note how on this system over the last month only the modules where changes have been made and the activities recorded are presented by smart-filtering, ensuring the user does not run blank or null queries. In this case I limited the filter to only view Remote Control Actions.<\/div>\n<p>Filters can be applied to investigate specific users or interfaces (web console, command line, bulk operations, agent discovery operations and so on). 
It is important that any bulk or automated operations triggered by users are captured within audits.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/monitor-Auditlog-view.jpg\" data-rel=\"lightbox-image-4\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-30471\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/monitor-Auditlog.webp\" alt=\"\" width=\"750\" height=\"303\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/monitor-Auditlog.webp 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/monitor-Auditlog-300x121.webp 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/monitor-Auditlog-310x125.webp 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/monitor-Auditlog-140x57.webp 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<p>Running the audit, I can see the records arising from support call interactions.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/RCA-user-logon-issue-view.jpg\" data-rel=\"lightbox-image-5\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-30473\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/RCA-user-logon-issue.webp\" alt=\"\" width=\"750\" height=\"388\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/RCA-user-logon-issue.webp 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/RCA-user-logon-issue-300x155.webp 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/RCA-user-logon-issue-310x160.webp 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/RCA-user-logon-issue-140x72.webp 140w\" sizes=\"auto, (max-width: 
750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 5: Here the administrator of an account \u201crdsdemo\u201d responsible for a Citrix demo farm has been investigating a user logon issue. During the support interaction they investigated the GPOs (Group Policy Objects) in use and performed invasive activities such as taking screenshots.<\/div>\n<p>Ensuring activities such as screenshotting and session shadowing are only performed by authorized staff and furthermore only when appropriate by those staff is essential within an accountable organization.<\/p>\n<p>Other records show operations of the super-privileged \u201cadmin\u201d account viewing data on systems and running commands.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/scrutiny-audit-view.jpg\" data-rel=\"lightbox-image-6\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-30477\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/scrutiny-audit.webp\" alt=\"\" width=\"750\" height=\"387\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/scrutiny-audit.webp 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/scrutiny-audit-300x155.webp 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/scrutiny-audit-310x160.webp 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/scrutiny-audit-140x72.webp 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 6: Highly privileged Admin activities are all recorded for later scrutiny and audit.<\/div>\n<p>Beyond security and compliance audit, most administrators find this functionality extremely useful for improving their working practices and inter-employee communication. 
Often during a support incident, it is extremely useful to review in what order and when actions were taken, especially if a second opinion is sought or an incident is handed over to a different team or an employee takes over from the previous help desk shift.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Custom_Remote_Control_Actions\"><\/span>Custom Remote Control Actions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>It is also possible to add custom RCAs associated with your own bespoke scripts or commands. By default, recent versions of eG Enterprise will require scripts to be signed for additional security. Information on how to do this is covered in the documentation, see: <a href=\"https:\/\/www.eginnovations.com\/documentation\/Monitoring-Using-eG-Enterprise-Suite\/Control-Actions.htm\">Control Actions (eginnovations.com).<\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Further_Information\"><\/span>Further Information<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>eG Enterprise has recently undergone a <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/Soc-2-Service-Organization-Control-2\">SOC 2 type<\/a> audit (January 2023) of its security model and architecture &#8211; for more information see: <a href=\"https:\/\/www.eginnovations.com\/press-releases\/eg-innovations-successfully-completes-soc-2-type-2-audit\">eG Innovations Successfully Completes SOC 2 Type 2 Audit.<\/a><\/li>\n<li>Security aspects of the eG Agent Architecture are detailed here &#8211; <a href=\"https:\/\/www.eginnovations.com\/documentation\/Admin\/Security-Aspects-of-the-eG-Agent-Architecture.htm\">Security Aspects of the eG Agent Architecture (eginnovations.com)<\/a>. Details on encryption, secure port communication and enforced signing of PowerShell scripts are some of the topics covered.<\/li>\n<li>Security aspects of the eG Manager Architecture are outlined in: <a 
href=\"https:\/\/www.eginnovations.com\/documentation\/Admin\/Security-Aspects-of-the-eG-Manager-Architecture.htm\">Security Aspects of the eG Manager Architecture (eginnovations.com).<\/a> Admin and user audit features are covered here along with features such as Password Policies, SAML for SSON, Two-factor authentication, Account lockout and others.<\/li>\n<li>A recent blog provides a readable overview of eG Enterprise\u2019s audit capabilities, including screenshots of how an administrator would see and use the product \u2013 see: <a href=\"https:\/\/www.eginnovations.com\/blog\/auditing-capabilities-in-it-monitoring-tools-for-security-and-compliance\/\/\">Auditing Capabilities in IT Monitoring Tools | eG Innovations.<\/a><\/li>\n<li>Those interested in auditing features may overlap with the audience for Configuration Change tracking, whereby changes to the systems monitored by eG Enterprise are tracked, allowing changes that cause issues to be identified rapidly \u2013 a case study of usage is covered by Barry Schiffer in <a href=\"https:\/\/www.eginnovations.com\/blog\/configuration-change-tracking\/\">Configuration and Change Tracking is a Key for IT Observability (eginnovations.com).<\/a> Note, this article is intended to be read by the technical architect or administrator.<\/li>\n<li>Read about Remote Control Actions within eG Enterprise as a secure alternative to community script methodologies: <a href=\"https:\/\/www.eginnovations.com\/blog\/automation-integration-monitoring\/\">Automation &amp; Scripting for Monitoring Systems (eginnovations.com).<\/a><\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>In an article a few months ago, my colleague covered the functionality within eG Enterprise that ensures secure and traceable audit trails for both users and admins of eG Enterprise allowing automated auditing and reporting for regulatory compliance and security, see Auditing Capabilities in IT Monitoring Tools | eG Innovations. 
Today, I will follow from [&hellip;]<\/p>\n","protected":false},"author":71,"featured_media":30459,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_lmt_disableupdate":"no","_lmt_disable":"","footnotes":""},"categories":[409,383,382],"tags":[2054,2053,624,643,1702,1058,580,166,402,2048,2050,2049,232,2052,2051,494],"class_list":["post-30439","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-eg-enterprise","category-it-infrastructure-monitoring","category-unified-monitoring","tag-audit-log","tag-audit-trail","tag-auditing-monitoring-tool","tag-automation","tag-citrix-administrator","tag-euc","tag-help-desk-tools","tag-it-security-audit","tag-msp-monitoring-tools","tag-rca","tag-remote-control","tag-remote-control-actions","tag-security-and-compliance","tag-security-audit","tag-server-remote-control","tag-system-administrator"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Control and Audit Remote Control Actions for Security<\/title>\n<meta name=\"description\" content=\"Security audit of remote control actions are important. Using audit trails, one can see what actions were initiated &amp; when to fix problems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Control and Audit Remote Control Actions for Security\" \/>\n<meta property=\"og:description\" content=\"Security audit of remote control actions are important. 
Using audit trails, one can see what actions were initiated &amp; when to fix problems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/\" \/>\n<meta property=\"og:site_name\" content=\"eG Innovations\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/eGInnovations\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-23T11:29:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-02T10:41:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Auditing-RCA-Social-Banner-Image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"James Thomas\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Control and Audit Remote Control Actions for Security\" \/>\n<meta name=\"twitter:description\" content=\"Security audit of remote control actions are important. Using audit trails, one can see what actions were initiated &amp; when to fix problems.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Auditing-RCA-Social-Banner-Image.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@eginnovations\" \/>\n<meta name=\"twitter:site\" content=\"@eginnovations\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"James Thomas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Control and Audit Remote Control Actions for Security","description":"Security audit of remote control actions are important. Using audit trails, one can see what actions were initiated & when to fix problems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/","og_locale":"en_US","og_type":"article","og_title":"Control and Audit Remote Control Actions for Security","og_description":"Security audit of remote control actions are important. Using audit trails, one can see what actions were initiated & when to fix problems.","og_url":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/","og_site_name":"eG Innovations","article_publisher":"https:\/\/www.facebook.com\/eGInnovations","article_published_time":"2023-03-23T11:29:57+00:00","article_modified_time":"2024-07-02T10:41:53+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Auditing-RCA-Social-Banner-Image.jpg","type":"image\/jpeg"}],"author":"James Thomas","twitter_card":"summary_large_image","twitter_title":"Control and Audit Remote Control Actions for Security","twitter_description":"Security audit of remote control actions are important. Using audit trails, one can see what actions were initiated & when to fix problems.","twitter_image":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Auditing-RCA-Social-Banner-Image.jpg","twitter_creator":"@eginnovations","twitter_site":"@eginnovations","twitter_misc":{"Written by":"James Thomas","Est. 
reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/#article","isPartOf":{"@id":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/"},"author":{"name":"James Thomas","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/671066eade58f926b44a907d90b9ab7b"},"headline":"Control and Audit Remote Control Actions for Security","datePublished":"2023-03-23T11:29:57+00:00","dateModified":"2024-07-02T10:41:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/"},"wordCount":1592,"publisher":{"@id":"https:\/\/www.eginnovations.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Auditing-RCA-Thumbnail.jpg","keywords":["audit log","audit trail","Auditing monitoring tool","Automation","Citrix administrator","EUC","Help desk tools","IT Security Audit","MSP Monitoring tools","RCA","remote control","Remote Control Actions","Security and Compliance","security audit","server remote control","System administrator"],"articleSection":["eG Enterprise","IT Infrastructure Monitoring","Unified Monitoring"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/","url":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/","name":"Control and Audit Remote Control Actions for 
Security","isPartOf":{"@id":"https:\/\/www.eginnovations.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/#primaryimage"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Auditing-RCA-Thumbnail.jpg","datePublished":"2023-03-23T11:29:57+00:00","dateModified":"2024-07-02T10:41:53+00:00","description":"Security audit of remote control actions are important. Using audit trails, one can see what actions were initiated & when to fix problems.","breadcrumb":{"@id":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/#primaryimage","url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Auditing-RCA-Thumbnail.jpg","contentUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2023\/03\/Auditing-RCA-Thumbnail.jpg","width":362,"height":235},{"@type":"BreadcrumbList","@id":"https:\/\/www.eginnovations.com\/blog\/control-and-audit-remote-control-actions-for-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.eginnovations.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Control and Audit Remote Control Actions for Security"}]},{"@type":"WebSite","@id":"https:\/\/www.eginnovations.com\/blog\/#website","url":"https:\/\/www.eginnovations.com\/blog\/","name":"eG Innovations","description":"IT Performance Monitoring 
Insights","publisher":{"@id":"https:\/\/www.eginnovations.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.eginnovations.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.eginnovations.com\/blog\/#organization","name":"eG Innovations","alternateName":"eg innovations","url":"https:\/\/www.eginnovations.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2014\/07\/eg-logo-dark-gray1_new.jpg","contentUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2014\/07\/eg-logo-dark-gray1_new.jpg","width":362,"height":235,"caption":"eG Innovations"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/eGInnovations","https:\/\/x.com\/eginnovations"]},{"@type":"Person","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/671066eade58f926b44a907d90b9ab7b","name":"James Thomas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/66ee0f5d576e9552b179b8b4fe8d293b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/66ee0f5d576e9552b179b8b4fe8d293b?s=96&d=mm&r=g","caption":"James Thomas"},"url":"https:\/\/www.eginnovations.com\/blog\/author\/james-thomas\/"}]}},"modified_by":"eG 
Innovations","_links":{"self":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts\/30439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/users\/71"}],"replies":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/comments?post=30439"}],"version-history":[{"count":0,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts\/30439\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/media\/30459"}],"wp:attachment":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/media?parent=30439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/categories?post=30439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/tags?post=30439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}