Our Desktop Support Team recently onboarded Admin By Request, an Endpoint Privilege Management solution.
Admin By Request enables IT departments to identify Local Admin rights usage, automate rights revocation and replace permanent, unaudited admin rights use with an easy-to-use per-request or time-limited privilege elevation system with a full audit trail.
With Admin By Request, office-based or remote workers can safely perform tasks that would previously have required support tickets and valuable helpdesk time. Elevated-rights operations such as printer setups, installation/removal of approved software and plugin management can all be safely performed by users, maximising productivity whilst still maintaining full security framework compliance.
Description
There are several components of its Public API. The only one excluded in this request is the PIN Code API, since it is only for obtaining a single code for a specified endpoint.
Sample responses are copied from the API docs.
Audit Log
The Audit Log API returns an array of audit events. These can be correlated with other data, such as that from the Requests API.
Events
The Events API returns an array of events. Correlation, where applicable, is also possible with the Audit Log API.
Inventory
The Inventory API returns an inventory of devices with ABR installed.
It can optionally also include a software inventory and device group information.
Having this as a dataset also provides extra entity data for hosts. Additionally, this seems like a neat use case for enrichment indexes to identify vulnerable versions of software.
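To illustrate the enrichment idea above, here is an added example (not part of this request, and not Admin By Request's own code or schema) that matches a device's software inventory against a lookup table of first-fixed versions. The inventory field names (computerName, software[].name, software[].version), the software names and the version numbers are all constructed placeholders; the real API response will need its own field mapping.

```python
import re

# Constructed enrichment table: software name -> first version that is no
# longer affected. Anything older is flagged. Placeholder data, not real
# advisory information.
FIXED_VERSIONS = {
    "ExampleViewer": "5.2.0",
    "ExampleAgent": "2.0.1",
}

# Constructed inventory documents. The field names are assumptions about the
# shape of an inventory record, not the real Admin By Request schema.
SAMPLE_INVENTORY = [
    {
        "computerName": "WS-001",
        "software": [
            {"name": "ExampleViewer", "version": "5.1.3"},
            {"name": "ExampleAgent", "version": "2.0.1"},
        ],
    },
    {
        "computerName": "WS-002",
        "software": [
            {"name": "ExampleViewer", "version": "5.2"},
            {"name": "OtherTool", "version": "1.0"},
        ],
    },
]


def parse_version(value, width=4):
    """Turn a dotted version string into a fixed-width tuple of ints.

    Padding with zeros makes "5.2" compare equal to "5.2.0" instead of
    sorting below it, which would otherwise produce false positives.
    Non-numeric fragments (e.g. "-beta") are ignored.
    """
    parts = tuple(int(p) for p in re.findall(r"\d+", value))[:width]
    return parts + (0,) * (width - len(parts))


def vulnerable_software(inventory, fixed_versions):
    """Return one finding per (device, software) pair whose installed
    version is older than the first fixed version in the lookup table."""
    findings = []
    for device in inventory:
        for sw in device.get("software", []):
            fixed = fixed_versions.get(sw["name"])
            if fixed is None:
                continue  # software not in the enrichment table
            if parse_version(sw["version"]) < parse_version(fixed):
                findings.append(
                    {
                        "computerName": device["computerName"],
                        "software": sw["name"],
                        "installed": sw["version"],
                        "fixedIn": fixed,
                    }
                )
    return findings


if __name__ == "__main__":
    for f in vulnerable_software(SAMPLE_INVENTORY, FIXED_VERSIONS):
        print(f"{f['computerName']}: {f['software']} {f['installed']} < {f['fixedIn']}")
```

In an ingest pipeline the lookup table would live in an enrich index keyed on the software name; the version comparison is the part that has to be done carefully, since string comparison of "5.10" and "5.9" gives the wrong answer.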
Requests
The Requests API returns an array of user requests to run something as administrator.
This data stream would likely work best with a transform or an aggregation query to capture the latest status, since the API may return one document for the initial request and another when it is approved or denied.
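As an added example of the "latest status" reduction described above (not code from this request or from Admin By Request), the following collapses the multiple documents a single request can produce into the most recent one per request id. The documents are constructed, and the field names (id, status, statusChanged) are assumptions about the request schema, not the real API fields.

```python
from datetime import datetime


# Constructed sample documents: one for the initial request and one once it
# was approved or denied, plus a repeated copy of an earlier document as would
# happen on a re-poll. Field names are assumptions, not the real API schema.
SAMPLE_REQUESTS = [
    {"id": 101, "user": "alice", "application": "Printer setup",
     "status": "Pending", "statusChanged": "2024-05-01T09:00:00Z"},
    {"id": 102, "user": "bob", "application": "Plugin install",
     "status": "Pending", "statusChanged": "2024-05-01T09:01:00Z"},
    {"id": 101, "user": "alice", "application": "Printer setup",
     "status": "Approved", "statusChanged": "2024-05-01T09:05:00Z"},
    {"id": 102, "user": "bob", "application": "Plugin install",
     "status": "Denied", "statusChanged": "2024-05-01T09:07:00Z"},
    # Late-arriving duplicate of the first document; must not overwrite "Approved".
    {"id": 101, "user": "alice", "application": "Printer setup",
     "status": "Pending", "statusChanged": "2024-05-01T09:00:00Z"},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp; the "Z" suffix is normalised for
    older Python versions whose fromisoformat does not accept it."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def latest_status(docs):
    """Reduce all documents for a request to the one with the newest
    statusChanged. Timestamps are compared rather than trusting input order,
    so out-of-order or duplicated documents do not regress the status."""
    latest = {}
    for doc in docs:
        current = latest.get(doc["id"])
        if current is None or parse_ts(doc["statusChanged"]) > parse_ts(current["statusChanged"]):
            latest[doc["id"]] = doc
    return latest


def status_counts(docs):
    """Count requests by their latest status (what a terms aggregation on the
    reduced data would return)."""
    counts = {}
    for doc in latest_status(docs).values():
        counts[doc["status"]] = counts.get(doc["status"], 0) + 1
    return counts


def open_requests(docs):
    """Ids of requests whose latest status is still Pending, sorted."""
    return sorted(i for i, d in latest_status(docs).items() if d["status"] == "Pending")


if __name__ == "__main__":
    for rid, doc in sorted(latest_status(SAMPLE_REQUESTS).items()):
        print(rid, doc["user"], doc["application"], doc["status"])
    print(status_counts(SAMPLE_REQUESTS))
```

A transform doing the same job would group on the request id and take the document with the maximum statusChanged; the duplicate at the end of the sample is the case that a naive "last document wins" approach gets wrong.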